General Security News
-
Redbus & MakeMyTrip Bug Let Users Book Free Seats
RedBus and MakeMyTrip Limited, two of India’s biggest online travel agencies, allow users to reserve free seats. Mr. Vishnu Thulasidoss had...
-
Splunk Flaw Let Attackers Escalate Privilege Using crafted web Request
Splunk is one of the most used SIEM (Security Incident and Event Management) tools worldwide. Splunk can collect logs of all the configured events...
-
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack
Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable...
-
Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts
An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in...
-
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors
A surge in TrueBot activity was observed in May 2023, cybersecurity researchers disclosed. "TrueBot is a downloader trojan botnet that uses command...
-
Toyota Server Misconfiguration Leaks Owners Data for Over Seven Years
The Leak discloses Address, Vehicle Identification Number (VIN), Email address, Phone number, Name, and Vehicle Registration Number. The post...
-
Dark Pink APT Group Compromised 13 Organizations in 9 Countries
Dark Pink has successfully targeted 13 organizations across 9 countries, highlighting the extent of their malicious activities. The post Dark...
-
Hackers Exploit Barracuda Zero-Day Flaw Since 2022 to Install Malware
This vulnerability exists due to improper processing, validation, and sanitization of the names of the files within the user-supplied .tar file....
-
North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks
U.S. and South Korean intelligence agencies have issued a new alert warning of North Korean cyber actors' use of social engineering tactics to...
-
MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited
A critical flaw in Progress Software's in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to...
-
Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks
An analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active...
-
Critical Jetpack WordPress Flaw Exposes Millions of Website
This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation The post Critical Jetpack WordPress...