Cyber Threats

January 16, 2024

Mass Exploitation of Ivanti VPN and NAC Zero-Day Vulnerabilities Detected

On January 10, 2024, Ivanti disclosed two zero day vulnerabilities in Ivanti Connect Secure VPN and Policy Secure NAC appliances that have been actively exploited ...

January 3, 2024

Black Basta Ransomware Decryptor Developed

Researchers at Security Research (SR) Labs have recently announced that they identified a weakness in the encryption algorithm used by Black Basta ransomware which can ...

December 21, 2023

Google Patches Actively Exploited Zero-Day Bug in Chrome

A high-severity zero day vulnerability in the Google Chrome browser is being actively exploited in the wild. The vulnerability is tracked as CVE-2023-7024 and is ...

November 28, 2023

Max Severity OwnCloud Flaw Actively Exploited in the Wild

A critical vulnerability in OwnCloud, a popular open-source self-hosted file synchronization and sharing solution, has started to be exploited by cyber actors. The vulnerability affects ...

November 14, 2023

Feds Warn of Potential Rebrand of Royal Ransomware Group

A joint Cybersecurity Advisory> has been issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) that includes updated ...

November 7, 2023

Critical Atlassian Confluence Data Center and Server Vulnerability Exploited by Ransomware Gangs

On October 31, 2023, Atlassian issued a security advisory about a critical vulnerability that affected all versions of Confluence Data Center and Server. The improper ...

October 26, 2023

Generative AI Saves Phishers 16 Hours per Campaign

There is mounting concern that generative AI will be used by cybercriminals to generate convincing phishing emails that are almost impossible for users to identify ...

October 17, 2023

Cisco Warns of Actively Exploited Zero-Day IOS XE Vulnerability

Cisco has issued a security alert about an actively exploited critical zero-day vulnerability in its IOS XE software and is urging all customers to take ...

October 12, 2023

At Least $2.7 Billion Lost to Social Media Scams Since 2021

Social media networks are being extensively abused by scammers who use the networks to advertise fake products and investment schemes and conduct romance scams. According ...

October 11, 2023

Vulnerability in HTTP/2 Protocol Exploited in Record-Breaking DDoS Attacks

A zero-day vulnerability in the HTTP/2 protocol is being actively exploited by threat actors to launch massive DDoS attacks. Google, Cloudflare and Amazon Web Services (AWS) ...

October 10, 2023

October 2023 Patch Tuesday: 103 Flaws Fixed, including 3 Actively Exploited 0Days

Microsoft released patches to fix 103 vulnerabilities across its product suite on October 2023 Patch Tuesday, including 3 zero-day vulnerabilities that are being actively exploited ...

October 4, 2023

LastPass Employees and Customers Targeted in Phishing Campaign

A widespread phishing campaign has been detected that is targeting LastPass employees and customers. The campaign was first detected in mid-September, and a second wave ...

September 22, 2023

Apple Releases Emergency Patches to Fix 3 Actively Exploited Zero-Day Vulnerabilities

Apple has released emergency patches to address three zero-day vulnerabilities that are being actively exploited in the wild in attacks on iPhone and Mac users. A ...

September 13, 2023

Google Releases Emergency Chrome Patch for Actively Exploited Zero Day Vulnerability

Google has released an emergency patch to fix an actively exploited vulnerability in its Chrome browser. The vulnerability, tracked as CVE-2023-4863, is a heap buffer ...

September 13, 2023

Microsoft Patches 2 Actively Exploited Vulnerabilities on September 2023 Patch Tuesday

September 2023 Patch Tuesday has seen Microsoft release patches to fix 59 vulnerabilities across its product suite, including two actively exploited vulnerabilities. 5 flaws are ...

September 11, 2023

Apache RocketMQ Vulnerability Actively Exploited by Multiple Threat Actors

A critical vulnerability in the Apache RocketMQ distributed messaging and streaming platform is being exploited by multiple threat actors. The vulnerability is tracked as CVE-2023-33246 ...

September 11, 2023

HijackLoader Malware Loader Proving Popular with Cybercriminals

Security researchers at Zscaler ThreatLabz have identified a new malware loader called HijackLoader which is proving popular within the cybercriminal community. The malware is being ...

September 4, 2023

QakBot Botnet Dismantled and 700,000 Infected Devices Cleaned

The U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Justice have recently announced that the QakBot malware network has been successfully dismantled ...

August 22, 2023

WinRAR Vulnerability Can Be Exploited to Achieve RCE

A high-severity WinRAR vulnerability has been identified that can be exploited to achieve remote code execution on Windows systems. The vulnerability is tracked as CVE-2023-40477 ...

August 22, 2023

Critical Ivanti Sentry Vulnerability Under Active Exploitation

A critical vulnerability in Ivanti Sentry (MobileIron Sentry) is being actively exploited in the wild. The vulnerability is an authentication bypass issue and is tracked ...

August 9, 2023

Microsoft Fixes 70+ Flaws and 2 Actively Exploited 0Day Bugs

August 2023 Patch Tuesday has seen Microsoft release patches for more than 70 vulnerabilities, including two zero-day bugs that are being actively exploited in the ...

August 4, 2023

Five Eyes Cybersecurity Agencies Reveal Top Vulnerabilities Exploited in 2022

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and their international cybersecurity partners in Australia, Canada, New ...

August 3, 2023

Russian Threat Actor Conducting Convincing Phishing Campaign via Microsoft Teams

The Russian cyber threat actor Midnight Blizzard (Nobelium, APT29, UNC2452, Cozy Bear) is conducting a highly targeted phishing and social engineering campaign via Microsoft Teams ...

July 19, 2023

Patch Released for Actively Exploited Flaw in Citrix/NetScaler ADC and Gateway

Patches have been released to fix three vulnerabilities in NetScaler Application Delivery Controller (ADC) and Gateway (Citrix ADC and Citrix Gateway), including one critical vulnerability that ...

July 7, 2023

TrueBot Malware Campaign Uses Phishing and Netwrix Auditor Exploit for Malware Delivery

Organizations in the United States and Canada are being targeted in a TrueBot malware campaign that uses phishing emails with malicious hyperlinks and a remote ...

July 4, 2023

Meduza Stealer Malware Targets Password Managers and Crypto Wallets

Meduza stealer is a new information stealer that is being heavily marketed on dark web hacking forums and Telegram channels. The malware, which is being ...

June 27, 2023

Critical FortiNAC RCE Vulnerability Patched by Fortinet

A critical vulnerability in FortiNAC network access control solutions has been patched by Fortinet. Successful exploitation of the flaw would allow an attacker to remotely ...

June 27, 2023

CISA Warns Critical Zyxel NAS Vulnerability is Being Actively Exploited

A critical vulnerability in Zyxel network-attached storage (NAS) devices is being exploited in attacks, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability ...

June 12, 2023

Patch Released for Critical Fortinet FortiGate SSL-VPN RCE Vulnerability

Fortinet has released a patch to fix a critical remote code execution vulnerability in its FortiGate SSL-VPN devices. The vulnerability can be exploited pre-authentication, allowing ...

June 5, 2023

Security Agencies Issue Warning About North Korean Spear Phishing Campaigns

Intelligence and law enforcement agencies in the United States and South Korea have issued a warning about the North Korean state-sponsored hacking group Kimsuky (aka ...

Previous 123 4…18 Next

.st1{display:none}Cyber Threats

Cyber Threats