Cyber Threats

May 23, 2023

KeePass Vulnerability Allows Master Passwords to be Obtained from the Memory

A vulnerability has been identified in KeePass password management solution that allows an attacker to recover the cleartext master password from the memory if the ...

May 8, 2023

North Korean Threat Group Using ReconShark Malware in Spear Phishing Campaign

A North Korean advanced persistent threat (APT) actor is using a new malware called ReconShark in a global spear phishing campaign. The malware is capable ...

April 26, 2023

Exploit Released for Critical PaperCut Vulnerability: Exploitation Detected

An exploit has been released for a critical vulnerability in the widely used print management software PaperCut, which is used by more than 700,000 organizations ...

April 17, 2023

Android Privilege Escalation Bug Exploited to Spy on Chinese E-Commerce App Users

A high-severity vulnerability in Android devices is being actively exploited to spy on users of a popular Chinese e-commerce app, according to a recent alert ...

April 12, 2023

Microsoft Fixes 97 Vulnerabilities Including an Actively Exploited Windows 0Day Bug

Microsoft released patches to fix 97 vulnerabilities on April 2023 Patch Tuesday including a Windows zero-day privilege execution vulnerability in the Windows Common Log File ...

April 11, 2023

Apple Releases Patches for 2 Actively Exploited Zero-Day Flaws

Apple has released patches to fix two zero-day vulnerabilities that can be exploited to execute arbitrary code on unpatched iPhones, iPads, and Macs. Apple has ...

March 29, 2023

Critical IBM Aspera Faspex Vulnerability Being Exploited by Ransomware Gangs

Ransomware gangs are targeting a critical vulnerability in the IBM Aspera Faspex application to gain access to enterprise networks. Aspera is a file-exchange application used ...

March 2, 2023

Trezor Confirms Customers Being Targeted in Phishing Campaign

Trezor users are being targeted in a multi-channel phishing campaign that attempts to trick them into disclosing their recovery seeds, which will allow their wallets ...

February 14, 2023

Zero-Day GoAnywhere MFT Vulnerability Exploited by Clop Ransomware Gang

A zero-day vulnerability in the GoAnywhere MFT secure file transfer tool has allegedly been exploited by the Clop ransomware gang to attack more than 130 ...

January 31, 2023

QNAP Warns of Critical Vulnerability in its NAS Devices

The network-attached storage (NAS) device maker QNAP has warned customers about a critical remote code injection vulnerability affecting devices running QTS or QuTS hero firmware ...

January 18, 2023

Unskilled Cybercriminals Could Use ChatGPT for Phishing Emails and Malware

Last month, OpenAI launched an AI-based system called ChatGPT that is capable of answering queries and generating natural language text, which can be used for ...

January 10, 2023

January 2023 Patch Tuesday: Microsoft Fixes Almost 100 Vulnerabilities, 1 Exploited 0Day

Patches have been released to fix almost 100 vulnerabilities on January 2023 Patch Tuesday, including one actively exploited zero-day Windows Advanced Local Procedure Call (ALPC) ...

January 5, 2023

Zoho: Patch This Critical ManageEngine Vulnerability Now!

A critical SQL injection vulnerability has been identified in multiple Zoho ManageEngine products. Zoho is urging all business users of the affected software solutions to ...

December 22, 2022

Security Agency Recommends Businesses Change their Approach to Combat Phishing

The UK National Cyber Security Centre (NCSC) has issued advice to businesses to help them improve their defenses against phishing, one of the most common ...

December 20, 2022

Chinese APT Actor Activity Exploiting Critical Flaw in Citrix ADC and Citrix Gateway

U.S. federal authorities are urging Citrix ADC and Citrix Gateway users to patch an unauthenticated remote code execution vulnerability that is being actively exploited by ...

December 12, 2022

TrueBot Malware Infections Spike and Link to Evil Corp is Confirmed

Security researchers at Cisco Talos say there has been a marked increase in infections with TrueBot malware and the creation of two botnets, one focused ...

December 12, 2022

63 Unique Zero Day Bugs Identified and Exploited at Pwn2Own Toronto 2022

A contest run by Trend Micro’s Zero Day initiative at Pwn2Own Toronto 2022 that rewards hackers for identifying and exploiting zero-day vulnerabilities has seen exploits ...

November 22, 2022

Multiple Threat Actors Exploiting Windows 0Day That Prevents Generation of MotW Warnings

A phishing campaign has been detected that exploits a zero-day Windows vulnerability to drop Qbot malware, a password-stealing Trojan cum malware dropper. QBot has been ...

November 15, 2022

Massive WhatsApp Phishing Campaign Detected Involving 42,000 Malicious Domains

A massive phishing campaign is being conducted via WhatsApp that alerts recipients that they have won a prize and need to visit a website using ...

November 14, 2022

CISA Issues Guidance on Vulnerability Categorization, Prioritization, and Management

Many organizations struggle with vulnerability management due to the number and complexity of new resources and limited resources to devote to remediating vulnerabilities. The U.S. ...

November 9, 2022

Six Actively Exploited Zero Day Vulnerabilities Patched by Microsoft on November Patch Tuesday

Microsoft released patches to fix 68 vulnerabilities on November 2022 Patch Tuesday, 11 of which are rated critical with the remainder rated important. This round ...

November 1, 2022

OpenSSL Vulnerability Downgraded from Critical to High Severity

On October 25, 2022, a warning was issued about a critical vulnerability in OpenSSL that had the potential to be as bad as the 2014 ...

October 26, 2022

Apple Fixes Actively Exploited 0Day Vulnerability Affecting iPhones and iPads

Apple has released a batch of security updates to fix known vulnerabilities in its iOS operating system, including a fix for zero-day iOS vulnerability that ...

October 25, 2022

Threat Actors Advertising Tool for Exploiting Vulnerabilities in Veeam Backup & Replication

Several remote code execution vulnerabilities have been identified in the Veeam Backup & Replication application which have been exploited by threat actors, with some threat ...

October 24, 2022

Study Suggests Risk of Malware Infection from GitHub-Hosted PoC Exploits is Over 10%

A recent study, conducted by researchers at Leiden Institute of Advanced Computer Science, suggests the risk of being infected with malware from downloading proof-of-concept (PoC) ...

October 17, 2022

Zimbra Zero-Day Flaw Exploited to Infect at Least 1,600 Servers with Web Shells

Patches have been released by Zimbra to fix an actively exploited flaw affecting Zimbra Collaboration (Zimbra Collaboration Suite). The critical flaw, tracked as CVE-2022-41352, is ...

October 10, 2022

New Callback Phishing Tactics Used to Gain Access to Devices

Ransomware gangs have resurrected a callback phishing technique for gaining initial access to networks, where initial contact is made with the victim via email and ...

September 30, 2022

Microsoft Confirms Two Exchange Server Zero-Day Vulnerabilities Being Actively Exploited

Microsoft has confirmed that two zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited in the wild and that patches are currently being developed ...

September 16, 2022

Phishing Campaign Uses a Queen Elizabeth II Lure to Steal Credentials

Whenever there is a major news story that is attracting considerable public interest, phishers are quick to respond, so it is no surprise that they ...

September 14, 2022

September 2022 Patch Tuesday: Microsoft Patches 5 Critical Vulnerabilities and Actively Exploited 0Day

Microsoft released patches to fix 63 vulnerabilities on September 2022 Patch Tuesday, 5 of which have been rated critical, including one zero-day vulnerability affecting Windows ...

Previous 1 234 5…18 Next

.st1{display:none}Cyber Threats

Cyber Threats