Security researchers from NVISO have uncovered two sophisticated TLS-based backdoors, dubbed SparkCockpit and SparkTar, actively targeting critical-sector organizations using Ivanti Pulse Secure appliances. These backdoors demonstrate a worrying escalation in network appliance attacks, compromising...
Hikvision, a titan in the surveillance solutions industry, recently addressed two security vulnerabilities affecting its centralized security management platform, HikCentral Professional. Used by countless customers worldwide to safeguard assets and properties, HikCentral Professional’s potential...
Apache Ambari simplifies the complexities of managing Hadoop clusters. Ironically, a recently disclosed vulnerability could transform it into an unexpected entry point for attackers. CVE-2023-50378, a stored cross-site scripting (XSS) flaw, presents a significant...
A recent investigation by McAfee Labs has shed light on a significant surge in malware distribution through one of the most ubiquitous document formats: the PDF. This surge marks a concerning shift in cybercriminal...
Recently, SolarWinds has disclosed and patched a serious remote code execution (RCE) vulnerability in its Security Event Manager (SEM) solution. This flaw, tracked as CVE-2024-0692, could allow unauthenticated attackers to take complete control of...
MultiDump MultiDump is a post-exploitation tool written in C for dumping and extracting LSASS memory discreetly, without triggering Defender alerts, with a handler written in Python. MultiDump supports LSASS dump via ProcDump.exe or comsvc.dll, it offers...
An independent security researcher has published details and proof-of-concept (PoC) code for a macOS vulnerability (CVE-2023-42942) that could be exploited for root privilege escalation. The Discovery of CVE-2023-42942 The security defect was identified and reported...
Pentest Muse Building an AI agent that can automate parts of pentesting jobs and provide live suggestions to pentesters. Requirements Python 3.12 or later Necessary Python packages as listed in requirements.txt OpenAI API key Modes...
A new Linux-based malware, christened GTPDOOR, has emerged with a cunning strategy to infiltrate the heart of telecommunication networks – the GRX (GPRS Roaming Exchange). By harnessing the GPRS Tunneling Protocol (GTP-C), usually confined...
The world of Pay-Per-Install (PPI) malware rarely stands still, and PrivateLoader, a notorious player in this arena, has pulled a new set of tricks out of its sleeve. This widespread malware downloader has recently...
On February 29th, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a recently patched security flaw (CVE-2023-29360) in Microsoft Streaming Service to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation....
The cybersecurity landscape is constantly shifting, and a new, more insidious Linux variant of the Bifrost RAT has emerged, underscoring the importance of heightened vigilance. Discovered by Palo Alto Networks’ Unit 42 Incident Response...
The world of blockchain and angel investing can be thrilling but also fraught with risks. Security experts from Hunt are currently tracking a sophisticated phishing scheme aimed squarely at entrepreneurs operating within Telegram communities...
A high-severity security vulnerability (CVE-2024-1468, CVSS score 8.8) has been discovered in the popular Avada WordPress theme with nearly 950,000 sales. This vulnerability allows authenticated attackers with contributor-level permissions or higher to upload arbitrary...
NVIDIA, the graphics processing powerhouse, has released a crucial security update for its GPU Display Drivers. This February 2024 update addresses multiple vulnerabilities that could potentially compromise your system’s security, ranging from system crashes...
Secure Your Connection
