Daily CyberSecurity • Page 439 of 739 • Zero-hour alerts. Unmatched analysis.

Earth Preta’s Cyber Arsenal Expands: New Malware and Strategies Target APAC Governments

Do Son September 10, 2024

A new report from Trend Micro has revealed that Earth Preta, the notorious cyber espionage group, has...

CVE-2024-8517: Critical SPIP Flaw Leaves Websites Vulnerable to Remote Attacks, PoC Published CVE-2024-8517 exploit

CVE-2024-8517: Critical SPIP Flaw Leaves Websites Vulnerable to Remote Attacks, PoC Published

Do Son September 10, 2024

The popular open-source content management system (CMS), SPIP, is facing a critical security vulnerability that could allow...

Quad7 Operators Unveil New Moves with Advanced HTTP Reverse Shells and Botnet Expansion

Do Son September 10, 2024

In a recent report from Sekoia TDR, the Quad7 botnet operators—already known for leveraging compromised routers to...

Ivanti Issues Patch for Critical Vulnerabilities in Endpoint Manager, Including CVE-2024-29847 (CVSS 10.0) Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti Issues Patch for Critical Vulnerabilities in Endpoint Manager, Including CVE-2024-29847 (CVSS 10.0)

Do Son September 10, 2024

Ivanti has released a series of critical updates for its widely used Ivanti Endpoint Manager (EPM), addressing...

Siemens Issues Critical Security Advisory for User Management Component (UMC) – CVE-2024-33698 CVE-2024-33698 & CVE-2024-35783 & CVE-2024-45032

Siemens Issues Critical Security Advisory for User Management Component (UMC) – CVE-2024-33698

Do Son September 10, 2024

Siemens, a global industrial automation giant, has disclosed a critical heap-based buffer overflow vulnerability in its User...

NGINX Open Source Makes the Jump to GitHub, Boosting Collaboration and Community Engagement NGINX JavaScript Module Vulnerability CVE-2026-8711 NGINX 1.30.1 Security Update CVE-2026-42945 RCE NGINX Vulnerability CVE-2026-1642 NGINX Github - CVE-2025-23419

NGINX JavaScript Module Vulnerability CVE-2026-8711 NGINX 1.30.1 Security Update CVE-2026-42945 RCE NGINX Vulnerability CVE-2026-1642 NGINX Github - CVE-2025-23419

NGINX Open Source Makes the Jump to GitHub, Boosting Collaboration and Community Engagement

Do Son September 10, 2024

In a significant shift for the open-source community, NGINX, the widely popular reverse proxy server, has announced...

CISA Alerts on Active Exploitation of Flaws in ImageMagick, Linux Kernel, and SonicWall SonicWall vulnerability

CISA Alerts on Active Exploitation of Flaws in ImageMagick, Linux Kernel, and SonicWall

Do Son September 9, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding three actively exploited vulnerabilities...

CVE-2024-6342: Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products CVE-2024-6342 - Zyxel NAS542 & NAS326

CVE-2024-6342: Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products

Do Son September 9, 2024

Zyxel has released critical hotfixes for two of its NAS products, NAS326 and NAS542, which have already...

CVE-2024-30051: Windows Elevation of Privilege Flaw Exploited by QakBot Malware, PoC Published CVE-2024-30051 exploit PoC

CVE-2024-30051: Windows Elevation of Privilege Flaw Exploited by QakBot Malware, PoC Published

Do Son September 9, 2024

Security researchers published the technical details and a proof-of-concept exploit (PoC) code for a zero-day vulnerability in...

FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10)

Do Son September 9, 2024

The FreeBSD Project has issued a security advisory warning of a critical vulnerability (CVE-2024-43102) affecting multiple versions...

Chinese APT Groups Continue to Leverage Open-Source and Custom Reconnaissance Tools in Cyber Espionage Campaigns

Do Son September 9, 2024

The Natto Thoughts team recently uncovered key insights into the reconnaissance techniques used by Chinese state-sponsored threat...

ToneShell Backdoor Targets IISS Defence Summit Attendees in Latest Espionage Campaign

Do Son September 9, 2024

Cyber espionage continues to intertwine with global strategy as the ToneShell backdoor, linked to the notorious Mustang...

New Loki Backdoor Emerges: A Private Agent for Mythic Framework Unveiled

Do Son September 9, 2024

Kaspersky Labs uncovered a new threat—Loki, a sophisticated backdoor that has been deployed in a series of...

SpyAgent Malware Targets Crypto Wallets via Image Scanning

Do Son September 9, 2024

McAfee’s Mobile Research Team has issued a warning about a new, sophisticated Android malware campaign dubbed SpyAgent....

Chinese APT Stately Taurus Exploits Visual Studio Code in Cyberespionage Attacks The observed connection between Listener.bat of Stately Taurus and ShadowPad

The observed connection between Listener.bat of Stately Taurus and ShadowPad

Chinese APT Stately Taurus Exploits Visual Studio Code in Cyberespionage Attacks

Do Son September 9, 2024

In a recent report, cybersecurity researchers at Unit 42 have uncovered a novel and concerning tactic employed...

TIDRONE: The Unseen Cyberespionage Threat Targeting Taiwan’s Military and Satellite Industries

Do Son September 9, 2024

A newly identified threat cluster, dubbed TIDRONE, has been actively targeting the Taiwanese military and satellite industries...

Critical Kibana Flaws (CVE-2024-37288, CVE-2024-37285) Expose Systems to Arbitrary Code Execution CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

Critical Kibana Flaws (CVE-2024-37288, CVE-2024-37285) Expose Systems to Arbitrary Code Execution

Do Son September 8, 2024

Elastic, the company behind the popular open-source data visualization and analytics platform Kibana, has issued a critical...

HAProxy Vulnerability CVE-2024-45506 Under Active Exploit: Urgent Patching Required

Do Son September 8, 2024

In the latest security advisory, HAProxy revealed that CVE-2024-45506, a vulnerability in its popular load balancing and...

PoC Exploit Releases for Windows Elevation of Privilege Vulnerability CVE-2024-26230 CVE-2024-26230 PoC Exploit

PoC Exploit Releases for Windows Elevation of Privilege Vulnerability CVE-2024-26230

Do Son September 8, 2024

Security researcher published the technical details and a proof-of-concept (PoC) exploit for a patched elevation of privilege...

BlindEagle APT Targets Colombian Insurance with BlotchyQuasar RAT

Do Son September 8, 2024

Cybersecurity researchers at Zscaler ThreatLabz have uncovered a new wave of attacks by the BlindEagle APT group,...