The Shadowserver Service is documenting attempts to exploit the critical vulnerability CVE-2023-22527, which enables remote code execution on outdated versions of Atlassian Confluence servers. Atlassian disclosed the issue last week, noting that it affects...
Security mobile application company Oversecured has recently disclosed a vulnerability found in several popular Java and Android application libraries, rendering them susceptible to a new supply chain attack method named MavenGate. Oversecured’s analysis highlights...
Cybernews specialists, led by cybersecurity researcher Bob Diachenko, have identified a colossal data leak dubbed the “Mother of all Breaches” (MOAB), encompassing 12 TB of information and over 26 billion records. This unprecedented volume,...
In December 2023, media organizations and prominent North Korean affairs experts became the targets of a new malicious campaign orchestrated by the hacker group ScarCruft. Researchers at SentinelOne reported that the group is experimenting...
Trezor, a developer of hardware wallets for cryptocurrency, has reported a data breach. The attack occurred on January 17, 2024, when malefactors gained unauthorized access to a third-party technical support portal. While the investigation...
Cybersecurity researchers from Jamf Threat Labs have analyzed over 10,000 scripts utilized by the Parrot Traffic Direction System (TDS) and unearthed significant advancements in the optimization of these scripts. These enhancements render the malicious...
Before the U.S. Securities and Exchange Commission’s (SEC) official announcement of the approval of a Bitcoin ETF, hackers hijacked the SEC’s official X/Twitter account and disseminated information regarding the ETF’s approval. Subsequently, the price...
Trellix, a cybersecurity firm, has unveiled a new sophisticated Java-based tool for information theft, employing a Discord bot to pilfer confidential data from compromised hosts. Named NS-STEALER, the malware disseminates via ZIP archives, masquerading...
Varonis, a cybersecurity firm, has unearthed a new vulnerability in Microsoft products, alongside several attack methodologies that allow malefactors to acquire users’ password hashes. Identified as CVE-2023-35636, this critical vulnerability affects the shared calendar...
According to researchers from Jamf Threat Labs, pirated applications for the macOS operating system distributed on Chinese websites are embedded with malicious software that grants attackers remote access to infected computers. Among these applications...
The Cybersecurity and Infrastructure Security Agency (CISA) of the United States has urgently issued a directive, urging Federal Civilian Executive Branch (FCEB) agencies to mitigate the effects of two actively exploited zero-day vulnerabilities in...
GitHub, a platform for programmers, is a popular and favorite tool for hackers, used to store and distribute malware. According to a recent report by Recorded Future, a cybersecurity company based in the United...
Trustwave has issued a warning regarding the notable surge in the exploitation of a patched vulnerability within Apache ActiveMQ, aimed at deploying the Godzilla web shell onto compromised hosts. The web shells, concealed in...
The cybercriminal group TA866, renowned for its phishing endeavors, has resumed its malevolent operations after a nine-month hiatus, according to cybersecurity firm Proofpoint. Recently, the hackers have launched a widespread campaign targeting users in...
A cybercriminal group linked to China, known as UNC3886, has clandestinely exploited a critical zero-day vulnerability in the VMware vCenter Server management system since late 2021. This revelation was disclosed in a recent report...
Kansas State University, a prominent public research institution offering 65 master’s and 45 doctoral programs, has encountered a significant cyber incident. The university, home to approximately 20,000 students and 1,400 academic staff, reported disruptions...
