General Security News
-
Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products
Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho...
-
The Secret Vulnerability Finance Execs are Missing
The (Other) Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial...
-
Apple Privilege Escalation Bug Let Attacker Execute Arbitrary Code
Trellix researchers discovered a new class of privilege escalation bugs based on the ForcedEntry attack, which exploited a feature of macOS and...
-
MyloBot Botnet Attacks Thousands of Windows Systems and Turns Them as Proxy
BitSight recently detected MyloBot, an advanced botnet that has successfully infiltrated numerous computer systems, primarily situated in four...
-
Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries
Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository....
-
Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices
Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first...
-
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute...
-
SN1PER – Most Advanced Automated Penetration Testing Tool – 2023
Sn1per is an automated scanner that can automate the process of collecting data for exploration and penetration testing. In their work sn1per...
-
HardBit Ransomware Steal Sensitive Data From Victims Before Encrypting
As of October 2022, The HardBit ransomware attack was first detected as a threat extorting cryptocurrency payments to decrypt data from...
-
Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks
An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate...
-
Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client
At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a peak volume of 650 Gbps. Attackers exploited over...
-
U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV)...