Over 1,400 internet-accessible CrushFTP servers are vulnerable to attacks exploiting the critical server vulnerability CVE-2024-4040. This flaw, whose active exploitation was previously reported at the beginning of the week, allows unauthorized attackers to access...
Cybercriminals have begun to exploit a critical vulnerability in the WP Automatic plugin for WordPress, enabling them to create accounts with administrative privileges and install backdoors for long-term access. Installed on over 30,000 sites,...
In recent weeks, there has been an intensification of cyberattacks on Indian government bodies, initiated by groups linked to Pakistan. The analytical team at Seqrite Labs has identified several campaigns in which remote access...
ThreatFabric has identified a new malicious application named Brokewell, capable of recording every action on a device, from keystrokes to text input and application launches. The Trojan is distributed through a counterfeit Google Chrome...
Network security measures such as firewalls are designed to safeguard corporate networks from breaches. However, it turns out that cybercriminals are increasingly turning these systems against their owners, using them as springboards to infiltrate...
Security experts have identified a critical vulnerability in the Flowmon network performance monitoring tool from Progress Software, utilized by over 1,500 companies globally, including major organizations such as SEGA, KIA, and Volkswagen. The vulnerability...
Experts at Citizen Lab have identified vulnerabilities in popular keyboard applications that could be exploited to log keystrokes of Chinese users worldwide. These security issues are nearly ubiquitous across apps, including those pre-installed on...
Cybersecurity researchers from Perception Point recently discovered a vulnerability on the Nespresso coffee machine and capsule manufacturer’s website, which scammers actively exploit to redirect users to malicious sites. The vulnerability, related to open redirection,...
Recently, security researchers identified a new vulnerability known as Dependency Confusion, affecting an archived Apache project titled Cordova App Harness. This vulnerability enables malefactors to manipulate package managers into downloading a fraudulent package from...
North Korean hackers exploited the eScan antivirus update mechanism to embed backdoors into corporate networks and disseminate cryptocurrency miners using the malicious software, GuptiMiner. Cybersecurity firm Avast reports that the perpetrators conducted an adversary-in-the-middle...