News Archives • Page 351 of 632 • Daily CyberSecurity

Earth Koshchei’s Rogue RDP Campaign: A Sophisticated APT Attack Targets Governments and Enterprises threat group Earth Koshchei

Earth Koshchei’s Rogue RDP Campaign: A Sophisticated APT Attack Targets Governments and Enterprises

Ddos December 19, 2024

Trend Micro has unveiled a large-scale rogue remote desktop protocol (RDP) campaign conducted by the threat group...

Weaponized Hacktivism: How Countries Use Activists for Cyber Warfare IARPA Research Security Data Abyss Report Telecom threat, Secret Service cybersecurity news - Cyber Espionage Campaign

IARPA Research Security Data Abyss Report Telecom threat, Secret Service cybersecurity news - Cyber Espionage Campaign

Weaponized Hacktivism: How Countries Use Activists for Cyber Warfare

Ddos December 19, 2024

The intersection of hacking and activism, commonly known as hacktivism, has transformed into a formidable force in...

Kaspersky Uncovers Active Exploitation of Fortinet Vulnerability CVE-2023-48788 FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Kaspersky Uncovers Active Exploitation of Fortinet Vulnerability CVE-2023-48788

Ddos December 19, 2024

In a recent investigation, Kaspersky’s Global Emergency Response Team (GERT) uncovered active exploitation of a patched vulnerability...

CVE-2023-34990 (CVSS 9.8): Critical Security Flaw Found in Fortinet FortiWLM CVE-2023-45590

CVE-2023-34990 (CVSS 9.8): Critical Security Flaw Found in Fortinet FortiWLM

Ddos December 18, 2024

Fortinet, a leading cybersecurity vendor, has issued urgent advisories regarding several critical vulnerabilities affecting its popular products,...

CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers

Ddos December 18, 2024

A recently disclosed security vulnerability in Next.js, a popular React framework used by millions of developers worldwide,...

VIPKeyLogger: A New Infostealer Targeting Sensitive Data via Phishing Campaigns UAT-8099 BadIIS Malware Pacific Islands Forum Cyberattack

VIPKeyLogger: A New Infostealer Targeting Sensitive Data via Phishing Campaigns

Ddos December 18, 2024

Forcepoint researchers have uncovered an alarming rise in activity involving a new infostealer malware named VIPKeyLogger. Distributed...

Azure Key Vault Vulnerability: Exploiting Role Misconfigurations for Privilege Escalation Azure outage, Front Door Microsoft Azure Surveillance, Gaza Call Records Red Sea cables, Azure outage MFA enforcement Azure outage, Red Sea cables Azure Key Vault Azure, Surveillance

Azure outage, Front Door Microsoft Azure Surveillance, Gaza Call Records Red Sea cables, Azure outage MFA enforcement Azure outage, Red Sea cables Azure Key Vault Azure, Surveillance

Azure Key Vault Vulnerability: Exploiting Role Misconfigurations for Privilege Escalation

Ddos December 18, 2024

Datadog Security Labs has uncovered a potential privilege escalation method in Azure Key Vault that could grant...

CVE-2024-10205: Critical Authentication Bypass Flaw Found in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer

Ddos December 18, 2024

Hitachi Vantara has disclosed a critical authentication bypass vulnerability (CVE-2024-10205) affecting its Infrastructure Analytics Advisor and Ops...

“Mamont” Android Banking Trojan Disguised as Parcel Tracking App Targets Thousands in Russia Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

“Mamont” Android Banking Trojan Disguised as Parcel Tracking App Targets Thousands in Russia

Ddos December 18, 2024

Kaspersky Labs has uncovered a distribution campaign for the “Mamont” Android banking Trojan, a sophisticated piece of...

CVE-2024-12356 (CVSS 9.8): Critical Vulnerability in BeyondTrust PRA and RS Enables Remote Code Execution BeyondTrust Vulnerability CVE-2026-1731 CVE-2024-12356 - CVE-2025-0889 BeyondTrust Privilege Escalation, Windows Security

CVE-2024-12356 (CVSS 9.8): Critical Vulnerability in BeyondTrust PRA and RS Enables Remote Code Execution

Ddos December 18, 2024

A critical command injection vulnerability (CVE-2024-12356) has been discovered in BeyondTrust’s Privileged Remote Access (PRA) and Remote...

BADBOX Botnet Rises Again: 192,000+ Android Devices Compromised

Ddos December 18, 2024

The BADBOX botnet is back and more dangerous than ever. Originally thought to have been dismantled, this...

Data Exfiltration and RCE Risks Found in Azure Data Factory’s Airflow Integration Azure Data Factory Apache Airflow - Dirty DAG vulnerabilities

Azure Data Factory Apache Airflow - Dirty DAG vulnerabilities

Data Exfiltration and RCE Risks Found in Azure Data Factory’s Airflow Integration

Ddos December 18, 2024

Unit 42 researchers have uncovered multiple vulnerabilities in Azure Data Factory’s managed Apache Airflow integration, potentially enabling...

High-Severity Vulnerabilities Fixed in Latest Chrome Release CVE-2024-12692 & CVE-2024-12695

High-Severity Vulnerabilities Fixed in Latest Chrome Release

Ddos December 18, 2024

Google has released a crucial update for its Chrome browser, addressing five security vulnerabilities, several of which...

Fake CAPTCHAs Deliver Lumma Infostealer Malware in Massive Malvertising Campaign

Ddos December 18, 2024

A large-scale malvertising campaign analyzed by Guardio Labs exposes how fake CAPTCHA prompts are used to deliver...

RisePro and PrivateLoader Threat Actors Strike Again with RiseLoader BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

RisePro and PrivateLoader Threat Actors Strike Again with RiseLoader

Ddos December 18, 2024

Zscaler ThreatLabz has identified a new malware family, RiseLoader, which specializes in downloading and executing second-stage payloads....

Discover the Advanced Techniques and Capabilities of Nova: A Snake Keylogger Fork Snake Keylogger family

Discover the Advanced Techniques and Capabilities of Nova: A Snake Keylogger Fork

Ddos December 18, 2024

Nova, a newly discovered fork of the infamous Snake Keylogger family, is a growing challenge in cybersecurity....

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 CVE-2024-50379 & CVE-2024-54677 Apache Tomcat Vulnerabilities

CVE-2024-50379 & CVE-2024-54677 Apache Tomcat Vulnerabilities

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Ddos December 17, 2024

The Apache Software Foundation has released important security updates to address two vulnerabilities in Apache Tomcat, a...

CVE-2024-53376: CyberPanel Flaw Exposes Systems to Full Compromise, PoC Published CVE-2024-53376 PoC

CVE-2024-53376: CyberPanel Flaw Exposes Systems to Full Compromise, PoC Published

Ddos December 17, 2024

Security researcher Thanatos has uncovered a critical vulnerability (CVE-2024-53376) in CyberPanel, a popular web hosting control panel,...

New Malware “I2PRAT” Exploits Anonymous I2P Network for Stealthy Command and Control DriverFixer0428, Contagious Interview Cache Smuggling, ClickFix Evasion North Korean Cyber Espionage

DriverFixer0428, Contagious Interview Cache Smuggling, ClickFix Evasion North Korean Cyber Espionage

New Malware “I2PRAT” Exploits Anonymous I2P Network for Stealthy Command and Control

Ddos December 17, 2024

A new malware campaign, identified as I2PRAT (I2P Remote Access Trojan), is raising the bar for cybercriminals’...

CVE-2024-55949 (CVSS 9.3): Critical MinIO Flaw Allows Any User to Gain Full Admin Privileges MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

CVE-2024-55949 (CVSS 9.3): Critical MinIO Flaw Allows Any User to Gain Full Admin Privileges

Ddos December 17, 2024

A newly discovered vulnerability in MinIO, the popular open-source object storage platform, could allow any user to...

Critical Alert 1 Active Exploit Detected Today