Hundreds of malicious Python packages found stealing sensitive data
A malicious campaign that researchers observed growing more complex over the past half year, has been planting on open-source platforms...
OSINT
Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware
New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy....
CISA: CISA Releases Three Industrial Control Systems Advisories
CISA Releases Three Industrial Control Systems Advisories CISA released three Industrial Control Systems (ICS) advisories on September 28, 2023. These...
CISA: Apple Releases Security Updates for Multiple Products
Apple Releases Security Updates for Multiple Products Apple has released security updates to address vulnerabilities in multiple products. A cyber...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: Mozilla Releases Security Advisories for Thunderbird and Firefox
Mozilla Releases Security Advisories for Thunderbird and Firefox Mozilla has released security updates to address vulnerabilities for Thunderbird 115.3, Firefox...
CISA: Cisco Releases Security Advisories for Multiple Products
Cisco Releases Security Advisories for Multiple Products Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA and NSA Release New Guidance on Identity and Access Management
CISA and NSA Release New Guidance on Identity and Access Management Today, CISA and the National Security Agency (NSA) published...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs
CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs CISA has added two new vulnerabilities to its Known Exploited...
CISA: Mozilla Releases Security Updates for Multiple Products
Mozilla Releases Security Updates for Multiple Products Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR,...
ModuleShifting – Stealthier Variation Of Module Stomping And Module Overloading Injection Techniques That Reduces Memory IoCs
ModuleShifting is stealthier variation of Module Stomping and Module overloading injection technique. It is actually implemented in Python ctypes so...
Medusa Locker Ransomware Victim: Somagic
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking...
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that,...
Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance
Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a...
Wing Disrupts the Market by Introducing Affordable SaaS Security
Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and...
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from...
Android October security update fixes zero-days exploited in attacks
Google has released the October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively...
ShellTorch flaws expose AI servers to code execution attacks
A set of critical vulnerabilities dubbed 'ShellTorch' in the open-source TorchServe AI model-serving tool impact tens of thousands of internet-exposed...
New ‘Looney Tunables’ Linux bug gives root on major distros
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow...
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in...
Google to bolster phishing and malware delivery defenses in 2024
Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk...
