News Archives • Page 399 of 632 • Daily CyberSecurity

Critical Flaw in NixOS Package Manager: CVE-2024-45593 Allows Arbitrary File Write with Root Permissions Nix Sandbox Escape Root Escalation CVE-2024-45593

Nix Sandbox Escape Root Escalation CVE-2024-45593

Critical Flaw in NixOS Package Manager: CVE-2024-45593 Allows Arbitrary File Write with Root Permissions

Ddos September 15, 2024

A high-severity security flaw has been discovered in Nix, the popular package manager for Linux and Unix-based...

Iranian Cyberespionage Campaign Targets Iraqi Government APT34

Iranian Cyberespionage Campaign Targets Iraqi Government

Ddos September 15, 2024

Check Point Research (CPR) has uncovered a sophisticated cyberespionage campaign aimed at the Iraqi government, bearing the...

BadIIS Malware : 35+ IIS Servers Compromised in DragonRank Campaign DragonRank - BadIIS malware

BadIIS Malware : 35+ IIS Servers Compromised in DragonRank Campaign

Ddos September 15, 2024

A recent report from Cisco Talos has exposed a new threat actor named DragonRank, a Chinese-speaking group...

Medusa Exploits Fortinet Flaw (CVE-2023-48788) for Stealthy Ransomware Attacks Medusa Ransomware group

Medusa Exploits Fortinet Flaw (CVE-2023-48788) for Stealthy Ransomware Attacks

Ddos September 14, 2024

A recent report from Bitdefender highlights how Medusa has not only continued its relentless attacks but has...

20+ Victims and Counting: Lynx Ransomware’s Swift Rise

Ddos September 14, 2024

In a recent report from Rapid7 Labs, the Lynx ransomware group has emerged as a new threat...

Beware Mac Users: Fake AppleCare+ Support Scam Lures Victims via GitHub Repos

Ddos September 13, 2024

A new fraudulent campaign targeting Mac users seeking AppleCare+ support or extended warranties has been uncovered by...

CISA & Ivanti Warn of Active Exploitation Cloud Services Appliance Flaw CVE-2024-8190 Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

CISA & Ivanti Warn of Active Exploitation Cloud Services Appliance Flaw CVE-2024-8190

Ddos September 13, 2024

A high-severity vulnerability (CVE-2024-8190) in Ivanti Cloud Services Appliance (CSA) is under active exploitation, prompting an urgent...

RansomHub Adopts New Tactics in Latest Attack, Bypasses EDR and Harvests Credentials RansomHub ransomware group - TDSSKiller

RansomHub Adopts New Tactics in Latest Attack, Bypasses EDR and Harvests Credentials

Ddos September 13, 2024

Recently, the ThreatDown Managed Detection and Response (MDR) team has uncovered a novel attack method employed by...

Rockwell Automation Products Face Critical Security Risks, Urgent Patching Required CVE-2024-45823 and CVE-2024-45824

Rockwell Automation Products Face Critical Security Risks, Urgent Patching Required

Ddos September 13, 2024

Two recently discovered vulnerabilities in Rockwell Automation’s FactoryTalk software products pose a serious threat to industrial control...

CVE-2024-45186: FileSender Vulnerability Poses Risk to User Credentials, Immediate Action Required

Ddos September 13, 2024

A severe security flaw has been identified in FileSender, the popular web-based application that allows authenticated users...

Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws CVE-2024-7889

Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws

Ddos September 13, 2024

In a security advisory released recently, Cloud Software Group has disclosed two vulnerabilities affecting the widely used...

Wayback Machine Integration: Google Search Makes Digital History Accessible Google Search Internet Archive

Wayback Machine Integration: Google Search Makes Digital History Accessible

Ddos September 13, 2024

The Internet Archive preserves billions of web pages from around the globe, allowing users to inspect historical...

Say Goodbye to Stolen iPhone Parts: Activation Lock Gets an Upgrade iOS 18 Activation Lock

Say Goodbye to Stolen iPhone Parts: Activation Lock Gets an Upgrade

Ddos September 13, 2024

Once Lost Mode is activated on an Apple device, it is incredibly difficult to disable unless done...

CVE-2024-8695 & CVE-2024-8696: Two Critical RCE Flaws Discovered in Docker Desktop

Ddos September 12, 2024

Docker Desktop, the go-to application for containerized application development, has recently been found to harbor two critical...

Hackers target Apache OFBiz RCE flaw CVE-2024-45195 after PoC exploit released

Ddos September 12, 2024

According to a report from Imperva, over 25,000 malicious requests targeting 4,000 unique sites have been detected...

Cybersecurity Alert: Python Libraries Exploited for Malicious Intent Malicious Python Libraries

Cybersecurity Alert: Python Libraries Exploited for Malicious Intent

Ddos September 12, 2024

A recent report from Xavier Mertens, a Senior ISC Handler and Freelance Cyber Security Consultant, sheds light...

CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw CVE-2024-28991 & CVE-2024-28990 SolarWinds RCE vulnerability CVE-2025-26399

CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw

Ddos September 12, 2024

In a recent security advisory, SolarWinds has disclosed two vulnerabilities affecting their Access Rights Manager (ARM) software....

Crimson Palace Returns: Chinese State-Sponsored Cyber Espionage Operation Escalates with New Tools and Targets Crimson Palace - Cluster Bravo

Crimson Palace Returns: Chinese State-Sponsored Cyber Espionage Operation Escalates with New Tools and Targets

Ddos September 12, 2024

After a brief hiatus, the Crimson Palace operation, a Chinese state-directed cyber espionage campaign, has resurfaced, armed...

Beyond HTML: The Hidden Danger of Phishing in HTTP Response Headers Phishing page

Beyond HTML: The Hidden Danger of Phishing in HTTP Response Headers

Ddos September 12, 2024

Unit 42 researchers from Palo Alto Networks have uncovered a wave of large-scale phishing campaigns exploiting a...

Fileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw

Ddos September 12, 2024

In a newly uncovered advanced malware campaign, threat actors are using a complex, fileless approach to deliver...