Apple zero-click iMessage exploit used to infect iPhones with spyware
Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a...
News
CISA warns of critical Apache RocketMQ bug exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical–severity...
Cisco BroadWorks impacted by critical authentication bypass flaw
A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers...
Iranian hackers breach US aviation org via Zoho, Fortinet bugs
Image: Midjourney State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a...
Apple Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
High-Severity Vulnerability Discovered in Popular CMS
A high-severity vulnerability has been discovered in PHPFusion, an open-source content management system (CMS) used by over 15 million websites...
Russia-Backed APT28 Tried to Attack a Ukrainian Critical Power Facility
Ukraine’s Computer Emergency Response Team (CERT-UA) issued an alert on September 5, 2023, about a cyber-attack attempted by Russian threat...
MITRE and CISA Release OT Attack Emulation Tool
A new open source tool designed to emulate cyber-attacks against operational technology (OT) has been released by MITRE and the...
IBM Reports Patient Data Breach at Johnson & Johnson Subsidiary
Sensitive patient data may have been accessed following a breach of the Janssen CarePath platform, a subsidiary of pharmaceutical giant...
Chinese Hacker Steals Microsoft Signing Key, Spies on US Government
A China-based threat actor gained access to a Microsoft account (MSA) cryptographic key, as early as 2021, and used it...
UK Government Backs Down on Anti-Encryption Stance
The UK government appears to have pulled back on a controversial clause in its forthcoming Online Safety Bill that would...
Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign
Researchers are warning of a major global investment fraud campaign that uses social media advertising to lure unwitting victims into...
API Vulnerabilities: 74% of Organizations Report Multiple Breaches
API security company Traceable has unveiled its 2023 State of API Security Report. In collaboration with the Ponemon Institute, the...
Zero-Day Flaw Exposes Atlas VPN User IPs
A Reddit user known as “Educational-Map-8145” has exposed a critical zero-day flaw affecting the Linux client of Atlas VPN, a popular...
UK and US Sanction 11 Russians Tied to Trickbot/Conti Ransomware
The US and the UK have sanctioned 11 individuals accused of being linked with the Trickbot malware and the Conti...
DGA Behavior Shifts Raise Cybersecurity Concerns
Researchers at Akamai have unearthed a concerning shift in the behavior of dynamically seeded Domain Generation Algorithm (DGA) families within...
US-CERT Vulnerability Summary for the Week of August 28, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoearcms -- ear_appAn issue found in Earcms Ear App v.20181124 allows a...
Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware
A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or...
Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge...
Outlook Breach: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge...
Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks
Patches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker...
Mirai Botnet Variant ‘Pandora’ Hijacks Android TVs for Cyberattacks
A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them...
The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2024
By the end of 2024, the number of MSPs and MSSPs offering vCISO services is expected to grow by almost...
W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA
A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that...
