FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals
Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH...
News
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of...
GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency...
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped...
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it...
The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025
The 2024 State of the vCISO Report continues Cynomi's tradition of examining the growing popularity of virtual Chief Information Security...
Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated...
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are...
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully...
Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East
Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a...
Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical...
U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda...
Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore
Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from...
NIST Cybersecurity Framework (CSF) and CTEM – Better Together
It's been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created...
Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks
Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote...
New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of...
North Korean Hackers Targets Job Seekers with Fake FreeConference App
North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part...
Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw
Google has released its monthly security updates for the Android operating system to address a known security flaw that it...
Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers
Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions...
Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch
Google has released its monthly security updates for the Android operating system to address a known security flaw that it...
Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in...
The New Effective Way to Prevent Account Takeovers
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite...
Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm...
Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack
A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka...
