A recently discovered vulnerability in Windows SmartScreen is being actively exploited in attacks that lead to the infection with the new Phemedrone stealer, warns Trend Micro. The vulnerability, CVE-2023-36025, scored 8.8 on the CVSS...
Security researchers from Guardio Labs uncovered a significant oversight in Opera’s web browser for Windows and macOS, which allows cybercriminals to launch any file, including malicious ones, on the computer’s base operating system. The...
According to a report by SecurityScorecard’s STRIKE team, hackers from the Volt Typhoon group, linked to the Chinese government, have gained persistent access to Cisco RV320/325 routers, discontinued since 2019. The malefactors exploited two...
Bitdefender has identified a vulnerability in the popular Bosch BCC100 Wi-Fi thermostat model. This flaw permits cybercriminals to remotely manipulate device settings, including temperature, and install malicious software. Internet of Things (IoT) devices, ranging...
Specialists at VulnCheck have developed a Proof-of-Concept (PoC) code that exploits a recently discovered critical vulnerability in the Apache OFBiz Enterprise Resource Planning (ERP) system to execute malicious code in memory. The vulnerability, designated...
Cybersecurity researchers have identified a new type of attack that exploits weaknesses in the configuration of Apache’s Hadoop and Flink software, deploying cryptocurrency miners on target systems. “This attack is particularly intriguing due to...
At least five different types of malware have been employed by suspected state-sponsored hackers to gain access to company networks through Zero-Day vulnerabilities in Ivanti Connect Secure (ICS) VPN devices. These attacks have been...
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Microsoft SharePoint Server to its catalog of Known Exploited Vulnerabilities (KEV). This decision was based on evidence of...
The National Cyber Security Centre of Finland (NCSC-FI) is issuing a warning about the increased activity of the Akira ransomware. According to the center, this past December witnessed hackers successfully carrying out six of...
Adobe has released a crucial security update that rectifies six vulnerabilities in its Substance 3D Stager product. If exploited successfully, these vulnerabilities could lead to memory leaks and arbitrary code execution. Substance 3D Stager...
Researchers at Nozomi Networks have identified 23 vulnerabilities in the widely used Bosch Rexroth Nutrunner NXA015S-36V-B. These high-precision tools are employed in factories and plants globally for fastening in the manufacturing and maintenance of...
SonicWall has recorded thousands of daily attempts to exploit zero-day vulnerabilities in Apache OFBiz over nearly two weeks. The flaw was first publicized on December 26, leading to a significant increase in exploitation attempts....
Researchers have calculated that nearly 11 million SSH servers on the internet are vulnerable to Terrapin attacks, which allow data manipulation during the handshake process, ultimately compromising the integrity of the SSH channel when...
The ShadowServer platform daily uncovers hundreds of IP addresses scanning or attempting to exploit Apache RocketMQ services vulnerable to Remote Code Execution (RCE), identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities are critical and pertain...
QNAP Systems published security advisories for 15 vulnerabilities, each posing a unique challenge to the integrity of their systems. From OS command injections to SQL injections, each flaw uncovered in their operating systems and...
Cybernews specialists identified two BMW subdomains vulnerable to an exploit allowing malicious actors to redirect users to harmful websites. This vulnerability, named SAP Redirect, affected SAP NetWeaver Application Server Java web servers, enabling the...
