September 4, 2023 QakBot Botnet Dismantled and 700,000 Infected Devices Cleaned The U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Justice have recently announced that the QakBot malware network has been successfully dismantled ... Read more
August 22, 2023 WinRAR Vulnerability Can Be Exploited to Achieve RCE A high-severity WinRAR vulnerability has been identified that can be exploited to achieve remote code execution on Windows systems. The vulnerability is tracked as CVE-2023-40477 ... Read more
August 22, 2023 Critical Ivanti Sentry Vulnerability Under Active Exploitation A critical vulnerability in Ivanti Sentry (MobileIron Sentry) is being actively exploited in the wild. The vulnerability is an authentication bypass issue and is tracked ... Read more
August 9, 2023 Microsoft Fixes 70+ Flaws and 2 Actively Exploited 0Day Bugs August 2023 Patch Tuesday has seen Microsoft release patches for more than 70 vulnerabilities, including two zero-day bugs that are being actively exploited in the ... Read more
August 4, 2023 Five Eyes Cybersecurity Agencies Reveal Top Vulnerabilities Exploited in 2022 The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and their international cybersecurity partners in Australia, Canada, New ... Read more
August 3, 2023 Russian Threat Actor Conducting Convincing Phishing Campaign via Microsoft Teams The Russian cyber threat actor Midnight Blizzard (Nobelium, APT29, UNC2452, Cozy Bear) is conducting a highly targeted phishing and social engineering campaign via Microsoft Teams ... Read more
July 19, 2023 Patch Released for Actively Exploited Flaw in Citrix/NetScaler ADC and Gateway Patches have been released to fix three vulnerabilities in NetScaler Application Delivery Controller (ADC) and Gateway (Citrix ADC and Citrix Gateway), including one critical vulnerability that ... Read more
July 7, 2023 TrueBot Malware Campaign Uses Phishing and Netwrix Auditor Exploit for Malware Delivery Organizations in the United States and Canada are being targeted in a TrueBot malware campaign that uses phishing emails with malicious hyperlinks and a remote ... Read more
July 4, 2023 Meduza Stealer Malware Targets Password Managers and Crypto Wallets Meduza stealer is a new information stealer that is being heavily marketed on dark web hacking forums and Telegram channels. The malware, which is being ... Read more
June 27, 2023 Critical FortiNAC RCE Vulnerability Patched by Fortinet A critical vulnerability in FortiNAC network access control solutions has been patched by Fortinet. Successful exploitation of the flaw would allow an attacker to remotely ... Read more
June 27, 2023 CISA Warns Critical Zyxel NAS Vulnerability is Being Actively Exploited A critical vulnerability in Zyxel network-attached storage (NAS) devices is being exploited in attacks, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability ... Read more
June 12, 2023 Patch Released for Critical Fortinet FortiGate SSL-VPN RCE Vulnerability Fortinet has released a patch to fix a critical remote code execution vulnerability in its FortiGate SSL-VPN devices. The vulnerability can be exploited pre-authentication, allowing ... Read more
June 5, 2023 Security Agencies Issue Warning About North Korean Spear Phishing Campaigns Intelligence and law enforcement agencies in the United States and South Korea have issued a warning about the North Korean state-sponsored hacking group Kimsuky (aka ... Read more
May 23, 2023 KeePass Vulnerability Allows Master Passwords to be Obtained from the Memory A vulnerability has been identified in KeePass password management solution that allows an attacker to recover the cleartext master password from the memory if the ... Read more
May 8, 2023 North Korean Threat Group Using ReconShark Malware in Spear Phishing Campaign A North Korean advanced persistent threat (APT) actor is using a new malware called ReconShark in a global spear phishing campaign. The malware is capable ... Read more
April 26, 2023 Exploit Released for Critical PaperCut Vulnerability: Exploitation Detected An exploit has been released for a critical vulnerability in the widely used print management software PaperCut, which is used by more than 700,000 organizations ... Read more
April 17, 2023 Android Privilege Escalation Bug Exploited to Spy on Chinese E-Commerce App Users A high-severity vulnerability in Android devices is being actively exploited to spy on users of a popular Chinese e-commerce app, according to a recent alert ... Read more
April 12, 2023 Microsoft Fixes 97 Vulnerabilities Including an Actively Exploited Windows 0Day Bug Microsoft released patches to fix 97 vulnerabilities on April 2023 Patch Tuesday including a Windows zero-day privilege execution vulnerability in the Windows Common Log File ... Read more
April 11, 2023 Apple Releases Patches for 2 Actively Exploited Zero-Day Flaws Apple has released patches to fix two zero-day vulnerabilities that can be exploited to execute arbitrary code on unpatched iPhones, iPads, and Macs. Apple has ... Read more
March 29, 2023 Critical IBM Aspera Faspex Vulnerability Being Exploited by Ransomware Gangs Ransomware gangs are targeting a critical vulnerability in the IBM Aspera Faspex application to gain access to enterprise networks. Aspera is a file-exchange application used ... Read more
March 2, 2023 Trezor Confirms Customers Being Targeted in Phishing Campaign Trezor users are being targeted in a multi-channel phishing campaign that attempts to trick them into disclosing their recovery seeds, which will allow their wallets ... Read more
February 14, 2023 Zero-Day GoAnywhere MFT Vulnerability Exploited by Clop Ransomware Gang A zero-day vulnerability in the GoAnywhere MFT secure file transfer tool has allegedly been exploited by the Clop ransomware gang to attack more than 130 ... Read more
January 31, 2023 QNAP Warns of Critical Vulnerability in its NAS Devices The network-attached storage (NAS) device maker QNAP has warned customers about a critical remote code injection vulnerability affecting devices running QTS or QuTS hero firmware ... Read more
January 18, 2023 Unskilled Cybercriminals Could Use ChatGPT for Phishing Emails and Malware Last month, OpenAI launched an AI-based system called ChatGPT that is capable of answering queries and generating natural language text, which can be used for ... Read more
January 10, 2023 January 2023 Patch Tuesday: Microsoft Fixes Almost 100 Vulnerabilities, 1 Exploited 0Day Patches have been released to fix almost 100 vulnerabilities on January 2023 Patch Tuesday, including one actively exploited zero-day Windows Advanced Local Procedure Call (ALPC) ... Read more
January 5, 2023 Zoho: Patch This Critical ManageEngine Vulnerability Now! A critical SQL injection vulnerability has been identified in multiple Zoho ManageEngine products. Zoho is urging all business users of the affected software solutions to ... Read more
December 22, 2022 Security Agency Recommends Businesses Change their Approach to Combat Phishing The UK National Cyber Security Centre (NCSC) has issued advice to businesses to help them improve their defenses against phishing, one of the most common ... Read more
December 20, 2022 Chinese APT Actor Activity Exploiting Critical Flaw in Citrix ADC and Citrix Gateway U.S. federal authorities are urging Citrix ADC and Citrix Gateway users to patch an unauthenticated remote code execution vulnerability that is being actively exploited by ... Read more
December 12, 2022 TrueBot Malware Infections Spike and Link to Evil Corp is Confirmed Security researchers at Cisco Talos say there has been a marked increase in infections with TrueBot malware and the creation of two botnets, one focused ... Read more
December 12, 2022 63 Unique Zero Day Bugs Identified and Exploited at Pwn2Own Toronto 2022 A contest run by Trend Micro’s Zero Day initiative at Pwn2Own Toronto 2022 that rewards hackers for identifying and exploiting zero-day vulnerabilities has seen exploits ... Read more