Security News

Filter by:

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.
The Hacker News 9 Oct 2024 1415 Views

Big brands among thousands infected by payment-card-stealing CosmicSting crooks

Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Updated  Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of...
The Register 5 Oct 2024 6975 Views

Recently patched CUPS flaw can be used to amplify DDoS attacks

A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [...]
Bleepingcomputer 4 Oct 2024 1798 Views

Attackers exploit critical Zimbra vulnerability using cc’d email addresses

Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. [...]
Ars Technica 3 Oct 2024 1751 Views

Fake browser updates spread updated WarmCookie malware

A new 'FakeUpdate' campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie malware. [...]
Bleepingcomputer 3 Oct 2024 1766 Views

FIN7 hackers launch deepfake nude “generator” sites to spread malware

The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. [...]
Bleepingcomputer 3 Oct 2024 1716 Views

Cyberattackers Use HR Targets to Lay More_Eggs Backdoor

The FIN6 group is the likely culprit behind a spear-phishing campaign that demonstrates a shift in tactics, from targeting job seekers to going after those who hire.
Dark Reading 2 Oct 2024 1483 Views

Progress urges admins to patch critical WhatsUp Gold bugs ASAP

Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible.
Bleeping Computer 30 Sep 2024 1571 Views

Critical Ivanti vTM auth bypass bug now exploited in attacks

CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. [...]
Bleepingcomputer 25 Sep 2024 1922 Views

Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence

Datadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.
Cyware News 21 Sep 2024 1929 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY