A critical-severity vulnerability, identified as CVE-2024-32971 with a CVSS score of 9.1, has been discovered in versions 1.44.0 and 1.45.0 of the Apollo Router, a high-performance graph router written in Rust designed for handling...
A new report by cybersecurity firm Mandiant has revealed the inner workings of APT42, an Iranian state-sponsored actor believed to be operating under the aegis of the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO)....
A significant security flaw has been discovered in the widely used XML-Crypto npm package, a tool integral to the cryptographic security of XML documents. This vulnerability, identified as CVE-2024-32962, carries the highest severity score...
Dropbox confirmed a security breach on April 24th within its Dropbox Sign (formerly HelloSign) service, exposing customer data including email addresses, usernames, phone numbers, and hashed passwords. API keys, OAuth tokens, and authentication information...
Security researchers at Lumen Technologies’ Black Lotus Labs have uncovered a sophisticated new malware campaign targeting enterprise-grade small office/home office (SOHO) routers. Dubbed “Cuttlefish,” the malware is designed to remain undetected while stealing sensitive...
A recent update of Apple’s XProtect security framework, which included an unprecedented 74 new rules targeting the prolific Adload adware, appears to have been ineffective. Security researchers at SentinelOne have identified new Adload variants...
Security researchers at Microsoft Threat Intelligence have revealed a critical vulnerability pattern affecting a wide array of popular Android applications. Dubbed “Dirty Stream,” this vulnerability presents a new method for malicious apps to subvert...
Recently, HPE Aruba Networking announced a comprehensive update to its ArubaOS software, targeting multiple critical vulnerabilities that could potentially allow attackers to execute arbitrary code remotely and cause denial-of-service conditions. The advisory details patches...
Security researchers at FortiGuard Labs have uncovered a new botnet campaign. Dubbed “Goldoon,” this botnet is ruthlessly exploiting a nearly decade-old vulnerability in D-Link devices to commandeer them for malicious activities, primarily Distributed Denial-of-Service...
The world of cybersecurity is witnessing an alarming trend as ransomware groups intensify their attacks on Microsoft SQL (MS-SQL) servers, exploiting weak management practices to deploy devastating malware. The AhnLab Security Intelligence Center (ASEC)...
go-secdump Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without...
SonicWall has released a security patch for its Global Management System (GMS) software, addressing two vulnerabilities that could be exploited by attackers to gain unauthorized access to sensitive data (CVE-2024-29010) and bypass authentication mechanisms...
Recent findings by Cisco Talos have unveiled a coordinated threat actor campaign dubbed “ArcaneDoor,” targeting government-owned network devices globally. This campaign has exploited previously unknown zero-day vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) and...
A comprehensive report by the anonymous analyst ZachXBT has uncovered the money laundering tactics employed by the North Korean hacking collective, Lazarus Group. The group is estimated to have laundered over $200 million in...
Claris International released a critical security patch for its FileMaker Server software today, addressing a vulnerability that could allow unauthorized access to sensitive data within hosted databases. The vulnerability, tracked as CVE-2024-27790, has been...
Secure Your Connection
