Do Son, Author at Daily CyberSecurity • Page 383 of 733

IOCONTROL Malware: CyberAv3ngers’ Weapon of Choice Targets Critical Infrastructure

Do Son December 14, 2024

A sophisticated malware strain dubbed “IOCONTROL” has emerged as a significant threat to industrial control systems (ICS)...

Careto APT Returns: Decade-Old Threat Resurfaces with New Sophistication Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Careto APT Returns: Decade-Old Threat Resurfaces with New Sophistication

Do Son December 13, 2024

Kaspersky Labs has unveiled research on the return of “The Mask,” also known as Careto, a legendary...

DCOM Upload & Execute: A New Backdoor Technique Unveiled DCOM Lateral movement

DCOM Upload & Execute: A New Backdoor Technique Unveiled

Do Son December 13, 2024

Deep Instinct Security Researcher Eliran Nissan has uncovered a new and potent lateral movement technique, “DCOM Upload...

Over 15,000 Sites at Risk: Woffice WordPress Theme Vulnerabilities Could Lead to Full Site Takeovers WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Over 15,000 Sites at Risk: Woffice WordPress Theme Vulnerabilities Could Lead to Full Site Takeovers

Do Son December 13, 2024

Patchstack has disclosed two critical vulnerabilities in the widely used Woffice WordPress theme, a premium intranet/extranet solution...

Abusing Microsoft’s UI Automation Framework: The New Evasion Technique Bypassing EDR DPRK IT Workers, APT38 Crypto Forfeiture

Abusing Microsoft’s UI Automation Framework: The New Evasion Technique Bypassing EDR

Do Son December 13, 2024

Akamai security researcher Tomer Peled has unveiled a novel attack technique exploiting Microsoft’s legacy UI Automation framework,...

MAC Address vs. IP Address: Key Differences and Practical Uses CVE-2024-31070 & CVE-2024-36491

MAC Address vs. IP Address: Key Differences and Practical Uses

Do Son December 13, 2024

The internet is one of the marvels of the century. It allows us to stay connected at...

Dell Warns of Critical Flaws in Enterprise Products, Including CVE-2024-37143 (CVSS 10) CVE-2024-37143 & CVE-2024-37144 Dell PowerScale OneFS vulnerability

Dell Warns of Critical Flaws in Enterprise Products, Including CVE-2024-37143 (CVSS 10)

Do Son December 12, 2024

Dell has released a critical security update to address multiple vulnerabilities impacting several of its enterprise products,...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

PDQ Deploy Vulnerability Exposes Admin Credentials: CERT/CC Issues Advisory

Do Son December 12, 2024

A critical vulnerability in PDQ Deploy, a software deployment service used by system administrators, has been highlighted...

Citrix NetScaler Under Siege: Significant Increase in Brute Force Attacks Observed Citrix NetScaler attack

Citrix NetScaler Under Siege: Significant Increase in Brute Force Attacks Observed

Do Son December 12, 2024

A significant increase in brute-force attacks targeting outdated and misconfigured Citrix NetScaler devices has been observed in...

CVE-2024-55633: Apache Superset Vulnerability Exposes Sensitive Data to Unauthorized Modification CVE-2024-55633 Apache Superset Security CVE-2026-23984

CVE-2024-55633 Apache Superset Security CVE-2026-23984

CVE-2024-55633: Apache Superset Vulnerability Exposes Sensitive Data to Unauthorized Modification

Do Son December 12, 2024

A newly discovered vulnerability in Apache Superset, a popular open-source business intelligence platform, could allow attackers to...

Gamaredon APT Deploys Two Russian Android Spyware Families: BoneSpy and PlainGnome RedLineCyber Clipboard Hijacker TangleCrypt Packer, STONESTOP EDR Killer Gamaredon APT - BoneSpy and PlainGnome

RedLineCyber Clipboard Hijacker TangleCrypt Packer, STONESTOP EDR Killer Gamaredon APT - BoneSpy and PlainGnome

Gamaredon APT Deploys Two Russian Android Spyware Families: BoneSpy and PlainGnome

Do Son December 12, 2024

Researchers at the Lookout Threat Lab have uncovered two sophisticated Android spyware families, BoneSpy and PlainGnome, attributed...

Active Exploitation Observed for CVE-2024-11972 (CVSS 9.8): WordPress Plugin Flaw Exposes 10,000+ Sites to Backdoor Attacks CVE-2024-11972 - Hunk Companion

Active Exploitation Observed for CVE-2024-11972 (CVSS 9.8): WordPress Plugin Flaw Exposes 10,000+ Sites to Backdoor Attacks

Do Son December 12, 2024

A serious vulnerability in the Hunk Companion plugin for WordPress, tracked as CVE-2024-11972 (CVSS 9.8), has been...

High-Profile Organizations in Southeast Asia Hit by Targeted Cyberattacks Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

High-Profile Organizations in Southeast Asia Hit by Targeted Cyberattacks

Do Son December 12, 2024

The Symantec Threat Hunter Team has uncovered a sophisticated cyber campaign targeting high-profile organizations in Southeast Asia....

Modular Java Backdoor Emerges in Cleo Exploitation Campaign (CVE-2024-50623) TEMPEST attacks

Modular Java Backdoor Emerges in Cleo Exploitation Campaign (CVE-2024-50623)

Do Son December 12, 2024

Rapid7 Labs and its Managed Detection and Response (MDR) team uncovered a sophisticated modular Java-based Remote Access...

$5 Million Reward Offered After Indictment of North Korean Cyber Operatives

Do Son December 12, 2024

A federal court in St. Louis, Missouri, has indicted 14 nationals of the Democratic People’s Republic of...

Secure Email Gateways Fail to Stop Advanced Phishing Campaign Targeting Multiple Industries BiDi Swap, phishing attacks Cybersecurity Threats

BiDi Swap, phishing attacks Cybersecurity Threats

Secure Email Gateways Fail to Stop Advanced Phishing Campaign Targeting Multiple Industries

Do Son December 12, 2024

A detailed report from Group-IB reveals a sophisticated global phishing campaign targeting employees across 30 companies in...

International Cybercrime Ring Dismantled: Rydox Marketplace Seized and Administrators Arrested

Do Son December 12, 2024

The U.S. Department of Justice announced the takedown of Rydox, a notorious online marketplace for stolen personal...

APT-C-60 Exploits Legitimate Services in Sophisticated Malware Attack Targeting Japanese Organizations

Do Son December 12, 2024

In August 2024, JPCERT/CC confirmed a targeted attack against a Japanese organization, believed to be the work...

Operation PowerOFF: Europol Cracks Down on Global DDoS-for-Hire Platforms

Do Son December 12, 2024

Law enforcement worldwide has delivered a significant blow to cybercriminals with Operation PowerOFF, an international effort led...

EagleMsgSpy: Unmasking a Sophisticated Chinese Surveillance Tool Honeywell CCTV Vulnerability CVE-2026-1670 EagleMsgSpy Spyware Tool ResidentBat Spyware, Belarusian KGB Surveillance

Honeywell CCTV Vulnerability CVE-2026-1670 EagleMsgSpy Spyware Tool ResidentBat Spyware, Belarusian KGB Surveillance

EagleMsgSpy: Unmasking a Sophisticated Chinese Surveillance Tool

Do Son December 12, 2024

Researchers at the Lookout Threat Lab have identified a sophisticated surveillance tool, dubbed EagleMsgSpy, reportedly used by...

Critical Alert 4 Active Exploits Detected Today