In a worrisome turn of events, messaging app giant Line Yahoo Corporation has revised the scope of its previously reported data breach. A deeper investigation uncovered additional compromises, significantly boosting the number of potentially...
NGINX, the workhorse web server behind countless high-traffic websites, has released an urgent patch (version 1.25.4) to address two critical vulnerabilities (CVE-2024-24989, CVE-2024-24990) lurking within its experimental HTTP/3 implementation. While this newer, faster protocol...
In the vast and interconnected world of software development, the Python ecosystem stands out for its accessibility and extensive library support. However, this strength also brings vulnerabilities. Recently, Imperva Threat Research shone a light...
Microsoft has sounded the alarm on a critical security vulnerability within the Exchange Server (CVE-2024-21410, CVSS 9.8) that has already been exploited in the wild before this month’s Patch Tuesday fixes. This flaw offers...
Recently, the FortiGuard team identified a new malware targeting the unwary with precision and ingenuity. Dubbed the “TicTacToe Dropper,” this malware has demonstrated the sophistication and adaptability of modern cyber threats. Originating from a...
Microsoft has issued a critical advisory about a newly discovered vulnerability, CVE-2024-21413, within Microsoft Outlook. Discovered by Check Point’s Haifei Li, this vulnerability, scoring a severe 9.8 on the CVSS scale, allows attackers to...
In the ever-evolving landscape of digital security, the GitHub Enterprise Server (GHES) has emerged as a cornerstone for enterprise-level code management and collaboration. As a self-hosted version of GitHub, GHES offers organizations the ability...
AhnLab Security Intelligence Center (ASEC) recently sounded the alarm over a cunning Revenge RAT malware campaign. This campaign stands out with its skillful abuse of legitimate tools like ‘smtp-validator’ and ‘Email to SMS,’ making...
In a recent disclosure, a series of potential vulnerabilities have come to light, affecting a range of AMD processors. AMD has taken these findings seriously, issuing CVEs alongside mitigation recommendations to safeguard users against...
Recently, the Cybereason Security Services Team unveiled a startling report titled “From Cracked to Hacked: Malware Spread via YouTube Videos,” revealing a sophisticated cyber threat landscape. This investigation uncovers how threat actors ingeniously exploit...
A formidable entity known as the Kimsuky threat group, purportedly backed by North Korea, has cast a long shadow since its emergence in 2013. Initially setting its sights on South Korea’s research institutes, Kimsuky’s...
In the ever-evolving landscape of cybersecurity, the emergence of advanced persistent threat (APT) groups represents a formidable challenge to organizations worldwide. Among these, one group has recently surged to prominence, leaving a trail of...
CharmingCypress, also known as Charming Kitten, APT42, and TA453, is an Iranian-origin threat actor that has been observed engaging in sophisticated spear-phishing campaigns targeting various organizations, including think tanks, NGOs, and journalists. Volexity, a...
Microsoft’s February 2024 Patch Tuesday release was critical. 79 vulnerabilities received fixes this month, including five rated as critical—the highest severity level. Of grave concern, two of these were ‘zero-days’ (CVE-2024-21351 and CVE-2024-21412), meaning...
Zoom, the popular video conferencing platform, has addressed several critical security vulnerabilities affecting its Windows, iOS, and Android clients. A total of 7 security flaws were fixed. IT teams and individual users should patch...
Secure Your Connection
