General Security News
-
Hackers Abuse GitHub Codespaces Feature to Host and Deliver Malware
Trend Micro researchers have recently demonstrated that malware and malicious scripts can be hosted and distributed within GitHub Codespaces by...
-
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a...
-
New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks
A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious...
-
Android Users Beware: New Hook Malware with RAT Capabilities Emerges
The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new...
-
Over 4,000 Internet-facing Sophos Firewalls Vulnerable to Code Injection Attacks
The Sophos Firewall Webadmin and User Portal HTTP interfaces are vulnerable to unauthenticated and remote code execution, as stated in an alert...
-
GitLab Critical Security Flaw Let Attacker Execute Arbitrary Code
GitLab has released fixes for two security flaws in Git that are of critical severity and might allow attackers to remotely execute arbitrary code...
-
Mailchimp Suffers Another Security Breach Compromising Some Customers' Information
Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal...
-
Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa
An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the...
-
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks
The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late...
-
Over 6000 Internet-Exposed Cacti Servers are Unpatched for Critical Security Vulnerability
A significant number of servers that use the Cacti software, and are connected to the internet, have not been updated to fix a security...
-
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out...
-
Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access
Four different Microsoft Azure services have been found vulnerable to server-side request forgery (SSRF) attacks that could be exploited to gain...