CharmingCypress, also known as Charming Kitten, APT42, and TA453, is an Iranian-origin threat actor that has been observed engaging in sophisticated spear-phishing campaigns targeting various organizations, including think tanks, NGOs, and journalists. Volexity, a...
Microsoft’s February 2024 Patch Tuesday release was critical. 79 vulnerabilities received fixes this month, including five rated as critical—the highest severity level. Of grave concern, two of these were ‘zero-days’ (CVE-2024-21351 and CVE-2024-21412), meaning...
Zoom, the popular video conferencing platform, has addressed several critical security vulnerabilities affecting its Windows, iOS, and Android clients. A total of 7 security flaws were fixed. IT teams and individual users should patch...
A severe zero-day vulnerability (CVE-2023-50358) has been discovered in QNAP Network Attached Storage (NAS) devices. This flaw allows attackers to execute commands remotely, potentially taking full control of vulnerable systems. Threat actors are already...
Bumblebee, a malware favored by cybercriminals, disappeared for a few months but is now back in action. After a four-month hiatus, Proofpoint researchers have detected the sophisticated downloader’s return. Security experts spotted a recent...
German software giant SAP has sounded the alarm bells with its February 2024 Security Patch Day, releasing a total of 13 new and 3 updated security notes. These patches address a range of vulnerabilities,...
Industrial control systems (ICS) silently orchestrate the vital processes behind our modern world. These intricate networks of software and hardware automate everything from electricity flow to water treatment, playing a critical role in infrastructure....
TInjA – the Template INJection Analyzer TInjA is a CLI tool for testing web pages for template injection vulnerabilities. It supports 44 of the most relevant template engines (as of September 2023) for eight different programming languages. Features...
domainim Domainim is a Blazing fast domain reconnaissance tool for bounty hunters written in Nim. Features Virtual hostname enumeration Reverse DNS lookup Subdomains as input Verbose output TCP port scanning with full user control...
Introduction In today’s world of online applications, it’s important to keep our sensitive information safe, follow the rules, and be ready to handle possible issues. Organizations are dealing with lots of new technology and...
Pikabot, a malware loader first observed in early 2023, has reemerged after a brief lull in activity, showcasing substantial transformations in its codebase and techniques. Security researchers at ThreatLabz continue their tracking of Pikabot’s...
In the realm of social media, where centralized giants often dominate the landscape, Pixelfed has emerged as a beacon of hope for those yearning for privacy, security, and a decentralized ethos. As an open-source...
In the shadowy corners of the internet, a formidable malware known as Glupteba has been lurking, evolving, and spreading its tentacles across the globe. This sophisticated malware has carved a niche for itself in...
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on a significant ‘actively exploited’ flaw in Roundcube Webmail (CVE-2023-43770). This vulnerability could permit attackers to execute malicious code directly in your webmail...
Introduction In today’s digital age, more and more data is moving to the cloud. From personal photos and contacts to critical business documents, the convenience of accessing information from anywhere is undeniable. However, this...
Secure Your Connection
