A flaw in the Packagist PHP repository could have allowed supply chain attacks
Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply...
hacking
Lazarus APT employed an exploit in a Dell firmware driver in recent attacks
North Korea-linked Lazarus APT has been spotted deploying a Windows rootkit by taking advantage of an exploit in a Dell...
Utkuici – Nessus Automation
Today, with the spread of information technology systems, investments in the field of cyber security have increased to a great...
Linux Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group
Researchers link recently discovered Linux ransomware Cheerscrypt to the China-linked cyberespionage group DEV-0401. Researchers at cybersecurity firm Sygnia attributed the...
Microsoft mitigations for recently disclosed Exchange zero-days can be easily bypassed
The mitigation shared by Microsoft for the two recently disclosed Exchange zero-day vulnerabilities can be bypassed, expert warns. Last week,...
Trojanized Comm100 Live Chat app installer distributed a JavaScript backdoor
A threat actor used a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm...
RansomEXX gang claims to have hacked Ferrari and leaked online internal documents
The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence...
Finnish intelligence warns of Russia’s cyberespionage activities
The Finnish Security Intelligence Service (SUPO) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish...
Java-Remote-Class-Loader – Tool to send Java bytecode to your victims to load and execute using Java ClassLoader together with Reflect API
This tool allows you to send Java bytecode in the form of class files to your clients (or potential targets)...
Reflected XSS bugs in Canon Medical ’s Vitrea View could expose patient info
Trustwave researchers discovered two XSS flaws in Canon Medical ’s Vitrea View tool that could expose patient information. During a...
BlackCat ransomware gang claims to have hacked US defense contractor NJVC
Another US defense contractor suffered a data breach, the BlackCat ransomware gang claims to have hacked NJVC. The ALPHV/BlackCat ransomware...
Security Affairs newsletter Round 386
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Bayanay – Python Wardriving Tool
WarDriving is the act of navigating, on foot or by car, to The screenshot of the location information is as...
German police identified a gang that stole €4 million via phishing attacks
German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns. Germany’s Bundeskriminalamt (BKA)...
CISA adds Atlassian Bitbucket Server flaw to its Known Exploited Vulnerabilities Catalog
CISA added a recently disclosed flaw in Atlassian Bitbucket Server, tracked as CVE-2022-36804, to its Known Exploited Vulnerabilities Catalog. The U.S....
Guacamaya hacktivists stole sensitive data from Mexico and Latin American countries
A hacker group called Guacamaya stole classified government information from multiple military and government agencies across several Latin American countries....
Luxury hotel chain Shangri-La suffered a security breach
The Shangri-La hotel group disclosed a data breach, a database containing the personal information of its customers was compromised. The...
Deadfinder – Find Dead-Links (Broken Links)
Dead link (broken link) means a link within a web page that cannot be connected. These links can have a...
Witchetty APT used steganography in attacks against Middle East entities
A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. Broadcom’s Symantec...
US DoD announced the results of the Hack US bug bounty challenge
The US Department of Defense (DoD) shared the results of the Hack US bug bounty program that took place in July....
Pmanager – Store And Retrieve Your Passwords From A Secure Offline Database. Check If Your Passwords Has Leaked Previously To Prevent Targeted Password Reuse Attacks
Description Store and retrieve your passwords from a secure offline database. Check if your passwords has leaked previously to prevent...
Microsoft confirms Exchange zero-day flaws actively exploited in the wild
Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild. Microsoft confirmed...
Unpatched Microsoft Exchange Zero-Day actively exploited in the wild
Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild....
Experts uncovered novel Malware persistence within VMware ESXi Hypervisors
Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used...
