New proxyjacking attacks monetize hacked SSH servers’ bandwidth
Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through...
News
Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs
Hackers exploit a zero-day privilege escalation vulnerability in the 'Ultimate Member' WordPress plugin to compromise websites by bypassing security measures...
Free Akira ransomware decryptor helps recover your files
Cybersecurity firm Avast has released a free decryptor for the Akira ransomware that can help victims recover their data without...
CISA issues DDoS warning after attacks hit multiple US orgs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of ongoing distributed denial-of-service (DDoS) attacks after U.S. organizations across...
US-CERT Vulnerability Summary for the Week of June 19, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Iranian Hackers Charming Kitten Utilize POWERSTAR Backdoor in Targeted Espionage Attacks
Charming Kitten, the nation-state actor affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC), has been attributed to a bespoke spear-phishing...
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage
In today's fast-paced digital landscape, the widespread adoption of AI (Artificial Intelligence) tools is transforming the way organizations operate. From...
WhatsApp Upgrades Proxy Feature Against Internet Shutdowns
Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can...
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage
In today's fast-paced digital landscape, the widespread adoption of AI (Artificial Intelligence) tools is transforming the way organizations operate. From...
Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign
An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is...
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?
MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses...
MITRE releases new list of top 25 most dangerous software bugs
MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years....
New EarlyRAT malware linked to North Korean Andariel hacking group
Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the...
Proton launches open-source password manager with some limitations
Proton AG has announced the global availability of Proton Pass, an open-source and free-to-use password manager available as a browser...
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase
The pro-Russia crowdsourced DDoS (distributed denial of service) project, 'DDoSia,' has seen a massive 2,400% growth in less than a...
Criminal IP Unveils Bug Bounty Program to Boost User Safety, Security
Criminal IP, an OSINT-based CTI search engine provided by AI SPERA, has recently announced the introduction of a bug bounty...
US-CERT Vulnerability Summary for the Week of June 19, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
From MuddyC3 to PhonyC2: Iran’s MuddyWater Evolves with a New Cyber Weapon
The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control (C2) framework called PhonyC2 that's been...
Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes
Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "represents a significant shift...
North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j...
Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users’ Personal Data
Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated...
The Right Way to Enhance CTI with AI (Hint: It’s the Data)
Cyber threat intelligence is an effective weapon in the ongoing battle to protect digital assets and infrastructure - especially when...
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data...
Critical Security Flaw in Social Login Plugin for WordPress Exposes Users’ Accounts
A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a...
