Malicious Browser Extension Hijacks Solana Transactions
Jupiter Research has published the findings of an investigation into an incident in which some users of DeFi applications on the Solana platform lost their funds. The culprit behind the...
Security Daily
Hacking the Hacker: Researcher Found Critical Flaw (CVE-2024-45163) in Mirai Botnet
Security researcher Jacob Masse has exposed a critical vulnerability within the Mirai botnet, the infamous malware that has plagued the Internet of Things (IoT) and server landscapes since 2016. Designated...
China-Nexus Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399)
At the beginning of 2024, the Chinese group Velvet Ant exploited a patched zero-day vulnerability (CVE-2024-20399, CVSS 6.7) in Cisco switches to gain control over devices and bypass threat detection...
Cyberattack on Magento: Hackers Inject Skimmer, Card Data Stolen
During a recent cyberattack on numerous online stores utilizing the Magento platform, a skimmer was injected into the sites, stealing customers’ payment card data, including the card number, expiration date,...
User Outcry Forces Google to Resume Chrome Support on Ubuntu 18.04
Google unexpectedly discontinued support for the Chrome browser on the current long-term support operating system, Ubuntu 18.04 LTS “Bionic Beaver,” with the release of Chrome 128. This decision sparked a...
CVE-2024-43399: Critical Zip Slip Vulnerability Discovered in Mobile Security Framework (MobSF)
A serious security flaw has been uncovered in Mobile Security Framework (MobSF), a widely-used open-source tool for mobile app security analysis. The vulnerability, identified as CVE-2024-43399 (CVSS 9.8), could allow...
ShellSweepX: A Precision Tool for Web Shell Detection
In the realm of cybersecurity, the ever-present threat of web shells demands specialized solutions. These malicious scripts, often concealed within legitimate web applications, can provide attackers with unauthorized access, potentially...
PEAKLIGHT Malware: A New Stealthy Memory-Only Threat Emerges
Cybersecurity researchers at Mandiant have unveiled a sophisticated new memory-only dropper and downloader that’s been silently delivering a variety of malware-as-a-service infostealers, including LUMMAC.V2, SHADOWLADDER, and CRYPTBOT. This stealthy malware,...
Qilin Ransomware: Beyond Encryption, a New Threat of Credential Theft
The Qilin ransomware group, already infamous for its “double extortion” tactics, has now added a new strategy to its repertoire: credential harvesting from Google Chrome browsers. A recent investigation by...
CertiK Issues Public Apology to Kraken Over $3M Bug Bounty Incident
The cybersecurity firm CertiK has publicly confirmed its involvement in the incident with the cryptocurrency exchange Kraken, which had earlier accused an unnamed “whitehat research” of stealing $3 million in...
Moscow Hacker Arrested in Georgia, Faces U.S. Court for Cybercrimes
Deniss Zolotarjovs, a 33-year-old resident of Moscow, has recently been charged with participating in the activities of an international cybercriminal organization. A federal grand jury in Ohio has indicted him...
CVE-2024-39717: Versa Networks Director GUI Flaw Under Active Attack, CISA Issues Urgent Patching Directive
In a recent cybersecurity alert, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has highlighted the active exploitation of a severe vulnerability identified as CVE-2024-39717. This flaw, found within Versa...
ALBeast Vulnerability Exposes Thousands of AWS Applications to Critical AuthN/AuthZ Bypass
A new configuration-based vulnerability, dubbed ALBeast, has been uncovered by Miggo Research, affecting a staggering number of applications relying on AWS Application Load Balancers (ALBs) for authentication. This critical flaw...
New PostgreSQL Threat: PG_MEM Malware Strikes Databases
A new and insidious threat has emerged, targeting the widely used PostgreSQL database management system. Aqua Nautilus researchers have identified a novel malware strain, named “PG_MEM,” which employs a sophisticated...
Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities
Microsoft has released an urgent security update for its Edge browser, patching a critical vulnerability that is currently being exploited by malicious actors. This zero-day flaw, tracked as CVE-2024-7971, exists...
