News Archives • Page 344 of 632 • Daily CyberSecurity

Thousands of SonicWall Devices Remain Vulnerable to CVE-2024-40766 PyPI Packages Leak

Thousands of SonicWall Devices Remain Vulnerable to CVE-2024-40766

Ddos January 6, 2025

In September 2024, a critical vulnerability in SonicWall NSA devices, tracked as CVE-2024-40766, was disclosed. Since then,...

Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Takeover Argo CD Secret Leak CVE-2026-42880 CVE-2024-28175 Argo CD DoS, Webhook Flaws

Argo CD Secret Leak CVE-2026-42880 CVE-2024-28175 Argo CD DoS, Webhook Flaws

Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Takeover

Ddos January 6, 2025

Argo Workflows, a widely-used open-source tool for orchestrating workflows in Kubernetes, has become a valuable asset for...

CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys CVE-2023-46850 - CVE-2024-8474

CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys

Ddos January 6, 2025

Popular VPN client app, OpenVPN Connect, patched a critical security flaw that could have exposed users’ private...

Vulnerability Overload: 40,000+ CVEs in 2024 CVE 2024

Vulnerability Overload: 40,000+ CVEs in 2024

Ddos January 6, 2025

Security researcher Jerry Gamblin has released his annual CVE data review. 2024 saw an unprecedented surge in...

Beware of PhishWP: New WordPress Plugin Targets Online Shoppers WordPress Backdoor

Beware of PhishWP: New WordPress Plugin Targets Online Shoppers

Ddos January 6, 2025

Imagine browsing a seemingly legitimate e-commerce site, entering your payment details, and confidently completing a purchase, only...

EAGERBEE: Advanced Backdoor Targets Middle Eastern ISPs and Government Entities EAGERBEE backdoor

EAGERBEE: Advanced Backdoor Targets Middle Eastern ISPs and Government Entities

Ddos January 6, 2025

Kaspersky Labs has uncovered a sophisticated cyberespionage campaign deploying the EAGERBEE backdoor to infiltrate internet service providers...

Windows 11’s TPM 2.0: Free Software Foundation Fights Forced Upgrades and E-Waste Windows 11's TPM 2.0

Windows 11’s TPM 2.0: Free Software Foundation Fights Forced Upgrades and E-Waste

Ddos January 6, 2025

The Free Software Foundation (FSF) is fresh off a successful International Day Against DRM (IDAD), held on...

CVE-2024-43452: PoC Exploit Released for Windows Elevation of Privilege Bug CVE-2024-43452 PoC exploit

CVE-2024-43452: PoC Exploit Released for Windows Elevation of Privilege Bug

Ddos January 5, 2025

Security researchers published the technical details and a proof-of-concept (PoC) exploit code for CVE-2024-43452 (CVSS 7.5), a...

CVE-2024-9138 and CVE-2024-9140 (CVSS 9.8): Moxa Calls for Immediate Security Action Moxa Linux kernel vulnerabilities Moxa Vulnerability CVE-2024-12297 Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

Moxa Linux kernel vulnerabilities Moxa Vulnerability CVE-2024-12297 Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

CVE-2024-9138 and CVE-2024-9140 (CVSS 9.8): Moxa Calls for Immediate Security Action

Ddos January 5, 2025

Moxa, a leading provider of industrial networking and communication solutions, has issued a security advisory warning of...

NonEuclid RAT—A Sophisticated Tool in the Cybercrime Arsenal Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

NonEuclid RAT—A Sophisticated Tool in the Cybercrime Arsenal

Ddos January 5, 2025

The NonEuclid Remote Access Trojan (RAT), detailed in a report by CYFIRMA, represents a significant evolution in...

CryptBot Infostealer Returns with Sophisticated Tactics for Initial Access PHP RCE vulnerability

CryptBot Infostealer Returns with Sophisticated Tactics for Initial Access

Ddos January 5, 2025

CryptBot, an information-stealing malware first detected in 2019, has resurfaced with advanced tactics to target unsuspecting victims....

GoCD Patches Critical Vulnerability Allowing User Privilege Escalation GoCD vulnerability

GoCD Patches Critical Vulnerability Allowing User Privilege Escalation

Ddos January 5, 2025

Open-source CI/CD platform GoCD has released an urgent security update to address a critical vulnerability, CVE-2024-56320 (CVSS...

Malicious Packages Weaponize OAST for Stealthy Data Exfiltration and Reconnaissance GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Malicious Packages Weaponize OAST for Stealthy Data Exfiltration and Reconnaissance

Ddos January 5, 2025

Researchers at Socket have uncovered a series of malicious campaigns exploiting Out-of-Band Application Security Testing (OAST) techniques....

Hackers Exploit Social Security Administration Branding to Deliver ConnectWise RAT phishing-3390518_1280

Hackers Exploit Social Security Administration Branding to Deliver ConnectWise RAT

Ddos January 5, 2025

In a concerning escalation of phishing tactics, hackers are spoofing the United States Social Security Administration (SSA)...

Cybersecurity Alert: FireScam—The Android Malware Disguised as Telegram Premium BadBox 2.0, Android Botnet Alien spyware - CVE-2024-43093

Cybersecurity Alert: FireScam—The Android Malware Disguised as Telegram Premium

Ddos January 5, 2025

In an era where mobile applications dominate daily life, cybersecurity threats have reached unprecedented sophistication. A recent...

CVE-2024-10957 Exposes Over 3 Million WordPress Sites to Unauthenticated PHP Object Injection Exploits WordPress POP chain attack - CVE-2024-10957

WordPress POP chain attack - CVE-2024-10957

CVE-2024-10957 Exposes Over 3 Million WordPress Sites to Unauthenticated PHP Object Injection Exploits

Ddos January 4, 2025

A newly discovered vulnerability in the UpdraftPlus Backup & Migration Plugin, used by over 3 million WordPress...

MISP Unveils the Threat Actor Naming Standard Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

MISP Unveils the Threat Actor Naming Standard

Ddos January 4, 2025

The MISP-standard.org has announced an advancement in cybersecurity information sharing with the release of the Threat Actor...

Atos Responds to Space Bears Ransomware Allegations Space Bears group

Atos Responds to Space Bears Ransomware Allegations

Ddos January 4, 2025

In a response to recent allegations made by the ransomware group “Space Bears,” Atos, a global leader...

US Treasury Sanctions Chinese Cybersecurity Firm for Supporting Cyberattacks on Critical Infrastructure Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

US Treasury Sanctions Chinese Cybersecurity Firm for Supporting Cyberattacks on Critical Infrastructure

Ddos January 3, 2025

The U.S. Department of the Treasury has taken decisive action against a Chinese cybersecurity company accused of...

Data Centers Get an AI Upgrade: Microsoft’s $80 Billion Commitment Microsoft, pricing change Microsoft Server Pricing, On-Premises Price Hike Security Core Priority - Microsoft data centers

Microsoft, pricing change Microsoft Server Pricing, On-Premises Price Hike Security Core Priority - Microsoft data centers

Data Centers Get an AI Upgrade: Microsoft’s $80 Billion Commitment

Ddos January 3, 2025

In a recent blog post, Microsoft outlines a bold vision for the future of American technology and...

Critical Alert 1 Active Exploit Detected Today