Magnet Goblin is a financially motivated threat actor demonstrating proficiency in swiftly exploiting 1-day software vulnerabilities to gain a foothold in target environments. Their opportunistic approach targets a range of edge devices and enterprise...
According to the Hong Kong Computer Emergency Response Coordination Centre (HKCERT), Hong Kong is facing an increasingly complex phishing threat landscape. Hackers are employing sophisticated techniques to impersonate banks, government agencies like the Inland...
A new malware campaign is spreading rapidly, exploiting an unpatched security hole in the popular Popup Builder WordPress plugin. If you use Popup Builder to create popups on your website and haven’t updated to...
Smart locks promise convenience and a futuristic feel, but recent research exposes a dark side to this technology. Kontrol and Elock locks, both utilizing firmware from the company Sciener, have been found riddled with...
The digitalization of financial markets has brought increased investor access but also heightened vulnerability to cybercrime. India, a burgeoning hub for digital innovation and investment, has recently found itself in the crosshairs of a...
SessionProbe SessionProbe is a multi-threaded pentesting tool designed to assist in evaluating user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible,...
In January 2024, eSentire’s Threat Response Unit (TRU) uncovered a sophisticated malware campaign unleashed against Latin American users. This insidious scheme, centered around the Fenix Botnet, employs cunning tactics to compromise victims and inflict...
JFrog Artifactory, a vital tool for many development teams, has recently had several security vulnerabilities revealed. These flaws range in severity and could potentially compromise your software development pipeline. It’s crucial to understand the...
A recently patched vulnerability (CVE-2024-2044) in pgAdmin, the widely-used PostgreSQL administration tool, highlights the ever-present risks of unsafe data deserialization and insufficient input validation. This flaw, if left unaddressed, could have enabled remote code...
A severe security vulnerability (CVE-2024-28222) has been uncovered in Veritas NetBackup, the widely used enterprise backup solution. This flaw, with a near-perfect CVSS score of 9.8, could allow unauthenticated hackers to remotely execute malicious...
The fallout from the devastating hacker attack on IT provider Xplain continues as the Swiss National Cyber Security Centre (NCSC) publishes a detailed report on the leaked data. The report reveals both the scope...
A flaw (CVE-2024-27295) was found in Directus, a versatile open-source content management platform favored by developers for its flexibility and customization options. This vulnerability leaves thousands of projects potentially exposed to account hijacking attacks....
PichichiH0ll0wer Process hollowing loader written in Nim for PEs only PichichiH0ll0wer has some features to protect your payload. Features Configurable builder Payload encrypted and compressed (and optionally splitted) in the hollow loader Supports splitted...
Cleafy‘s recent analysis of the Copybara campaign highlights a troubling escalation in online banking fraud. Threat actors (TAs) are weaponizing a combination of social engineering, phishing infrastructure, and an advanced Android banking trojan to...
Akamai security researcher Tomer Peled recently unveiled the technical detail and proof-of-concept (PoC) for a vulnerability within Microsoft Themes (CVE-2024-21320). This vulnerability, with a CVSS score of 6.5, enables attackers to execute authentication coercion...
Secure Your Connection
