2024Ravie

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

Report by CISA on ScienceLogic SL1 Vulnerability Added to Catalog After Recent Zero-Day Cyber Attack

AndyC 22 October 2024

Oct 22, 2024Ravie LakshmananVulnerability / Cyber Threat The U.S. CYBERCOM and Infrastructure Safety Agency (CISA) included a critical vulnerability affecting...

Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

Hackers Utilize Roundcube Webmail XSS Flaw to Obtain Login Information

AndyC 21 October 2024

Oct 20, 2024Ravie LakshmananVulnerability / Email Security Unidentified attackers have been seen exploiting a now-fixed security vulnerability in the open-source...

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

Russian Companies Targeted by Crypt Ghouls Using LockBit 3.0 and Babuk Ransomware

AndyC 20 October 2024

Oct 19, 2024Ravie LakshmananNetwork Security / Data Breach An emerging threat group identified as Crypt Ghouls has been associated with...

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

North Korean IT Personnel in Western Businesses Now Seeking Payment for Stolen Information

AndyC 19 October 2024

Oct 18, 2024Ravie LakshmananInsider Threat / Cyber Espionage Employees working in information technology (IT) from North Korea, who are hired...

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

United States and Partners Alert Regarding Iranian Cyberattacks on Crucial Infrastructure in Year-Long Operation

AndyC 19 October 2024

Oct 18, 2024Ravie LakshmananCyber Intelligence / Critical Infrastructure Cybersecurity and intelligence agencies from Australia, Canada, and the United States have...

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

Alert: Deceptive Google Meet Web Pages Distribute Infostealers in Ongoing ClickFix Campaign

AndyC 19 October 2024

Oct 18, 2024Ravie LakshmananThreat Intelligence / Phishing Attack Cybercriminals are exploiting counterfeit Google Meet web pages in an ongoing malware...

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

Microsoft Uncovers macOS Weakness that Circumvents Privacy Controls in Safari Browser

AndyC 18 October 2024

Oct 18, 2024Ravie LakshmananThreat Intelligence / Browser Security Microsoft has revealed information about a recently fixed security weakness in Apple's...

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant

New Variation of SingleCamper RAT Released by Russian Romantic Comedy Group Targets Ukrainian Government

AndyC 18 October 2024

Oct 17, 2024Ravie LakshmananThreat Intelligence / Malware A recent series of cyber attacks targeting Ukrainian government agencies and undisclosed Polish...

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Scientists Reveal Cicada3301 Ransomware Operations and Its Partner Program

AndyC 18 October 2024

Oct 17, 2024Ravie LakshmananRansomware / Network Security Cybersecurity experts have discovered more details about a new ransomware-as-a-service (RaaS) known as...

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

Severe Kubernetes Picture Creator Weakness Discloses Nodes to Root Entry Risk

AndyC 17 October 2024

Oct 17, 2024Ravie LakshmananWeakness / Kubernetes A critical security loophole has been unveiled in the Kubernetes Picture Creator that, if...

Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity

Unauthorized Users Exploit EDRSilencer Tool to Circumvent Security and Conceal Malicious Behavior

AndyC 17 October 2024

October 16, 2024Ravie LakshmananEndpoint Security / Malware Threat actors are endeavoring to misuse the open-source EDRSilencer tool in their attempts...

FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms

FIDO Alliance Introduces Fresh Protocol to Streamline Passkey Transfers Across Various Platforms

AndyC 17 October 2024

Oct 16, 2024Ravie LakshmananData Privacy / Passwordless The FIDO Alliance announced its efforts to simplify the export of passkeys and...

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

North Korean ScarCruft Exploits Windows Zero-Day to Disseminate RokRAT Malware

AndyC 17 October 2024

Oct 16, 2024Ravie LakshmananZero-Day / Windows Security The North Korean threat actor ScarCruft, famously known for exploiting software vulnerabilities, has...

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

Malevolent Astaroth Banking Malware Emerges Again in Brazil Through Targeted Spear-Phishing Attack

AndyC 17 October 2024

Oct 16, 2024Ravie LakshmananCyber Attack / Banking Trojan A fresh spear-phishing operation aimed at Brazil has surfaced that sends out...

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub Fixes Critical Flaw in Corporate Server Allowing Unauthorized Instance Entry

AndyC 16 October 2024

Oct 16, 2024Ravie LakshmananCorporate Security / Vulnerability GitHub has unleashed security patches for Corporate Server (GHES) to tackle several issues,...

2024Ravie

Report by CISA on ScienceLogic SL1 Vulnerability Added to Catalog After Recent Zero-Day Cyber Attack

Hackers Utilize Roundcube Webmail XSS Flaw to Obtain Login Information

Russian Companies Targeted by Crypt Ghouls Using LockBit 3.0 and Babuk Ransomware

North Korean IT Personnel in Western Businesses Now Seeking Payment for Stolen Information

United States and Partners Alert Regarding Iranian Cyberattacks on Crucial Infrastructure in Year-Long Operation

Alert: Deceptive Google Meet Web Pages Distribute Infostealers in Ongoing ClickFix Campaign

Microsoft Uncovers macOS Weakness that Circumvents Privacy Controls in Safari Browser

New Variation of SingleCamper RAT Released by Russian Romantic Comedy Group Targets Ukrainian Government

Scientists Reveal Cicada3301 Ransomware Operations and Its Partner Program

Severe Kubernetes Picture Creator Weakness Discloses Nodes to Root Entry Risk

Unauthorized Users Exploit EDRSilencer Tool to Circumvent Security and Conceal Malicious Behavior

FIDO Alliance Introduces Fresh Protocol to Streamline Passkey Transfers Across Various Platforms

North Korean ScarCruft Exploits Windows Zero-Day to Disseminate RokRAT Malware

Malevolent Astaroth Banking Malware Emerges Again in Brazil Through Targeted Spear-Phishing Attack

GitHub Fixes Critical Flaw in Corporate Server Allowing Unauthorized Instance Entry

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ESET Threat Report H2 2025

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Donate Bitcoin to this address

Donate Ethereum to this address

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

State-linked and criminal hackers use device code phishing against M365 users

Three ways teams can tackle Iran’s tangled web of state-sponsored espionage

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed