Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack
A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show....
News
US-CERT Vulnerability Summary for the Week of September 4, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocanonical_ltd. -- snapd_for_linuxUsing the TIOCLINUX ioctl request, a malicious snap could inject...
Apple Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
Ransomware and the cyber crime ecosystem
Ransomware and the cyber crime ecosystem Ransomware has been the biggest development in cyber crime since we published the NCSC’s...
‘Evil Telegram’ Android apps on Google Play infected 60K with spyware
Several malicious Telegram clones for Android on Google Play were installed over 60,000 times, infecting people with spyware that steals...
Iranian hackers breach US aviation org via ManageEngine, Fortinet bugs
Image: Midjourney State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho ManageEngine and Fortinet vulnerabilities,...
Associated Press warns that AP Stylebook data breach led to phishing attack
The Associated Press is warning of a data breach impacting AP Stylebook customers where the attackers used the stolen data...
Facebook Messenger phishing wave targets 100K business accounts per week
Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to...
Iranian hackers backdoor 34 orgs with new Sponsor malware
A nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35/42) has been observed deploying a previously unknown backdoor malware...
MGM Resorts shuts down IT systems after cyberattack
MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including...
CISA warns govt agencies to secure iPhones against spyware attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies today to patch security vulnerabilities abused as part of...
New WiKI-Eve attack can steal numerical passwords over WiFi
A new attack dubbed 'WiKI-Eve' can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual...
Google Chrome Remote Code Execution Vulnerability
A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger remote code execution on...
IT Systems Encrypted After UK School Hit By Ransomware
A spate of cyber-attacks against UK schools has claimed its latest victim after a Maidstone secondary school suffered a serious...
Evil Telegram Mods Removed From Google Play
Security researchers have revealed a number of lookalike Telegram apps on the official Play store which were modified to contain...
AP Stylebook Breach May Have Hit Hundreds of Journalists
The Associated Press (AP) has warned that users of a popular writing style guide have been hit by phishing attacks...
Pentagon Urges Collaboration in Cyber Defense
In a discussion at the FedTalks event in Washington last Thursday, Leslie A. Beavers, principal deputy chief information officer at...
Lazarus Group Targets macOS in Supply Chain Assault
Cybersecurity firm ESET has detected a significant supply chain attack targeting macOS devices. The Lazarus Group, known for its advanced...
Ransomware Attack Wipes Out Four Months of Sri Lankan Government Data
Investigations have begun into a massive ransomware attack that has affected Sri Lanka’s government cloud system, Lanka Government Cloud (LGC).The...
Cuba Ransomware Group Unleashes Undetectable Malware
Security researchers at Kaspersky have unveiled research into the activities of the notorious ransomware group known as Cuba. According to...
US-CERT Vulnerability Summary for the Week of September 4, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocanonical_ltd. -- snapd_for_linuxUsing the TIOCLINUX ioctl request, a malicious snap could inject...
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World
A new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot,...
How to Prevent API Breaches: A Guide to Robust Security
With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly...
Charming Kitten’s New Backdoor ‘Sponsor’ Targets Brazil, Israel, and U.A.E.
The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities...
