Attack List - 2024 2023 2021 2020 2019 2018
DATE | NAME | Info | CATEG. | WEB |
14.9.24 | New PIXHELL acoustic attack leaks secrets from LCD screen noise | A novel acoustic attack named 'PIXHELL' can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. | Attack | |
11.9.24 | New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers | A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and | Attack | The Hacker News |
11.9.24 | New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks | A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data | Attack | The Hacker News |
8.9.24 | New RAMBO attack steals data using RAM in air-gapped computers | A novel side-channel attack dubbed "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers. | Attack | |
8.9.24 | New Eucleak attack lets threat actors clone YubiKey FIDO keys | A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device. | Attack | |
15.8.24 | DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals | Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar | Attack | The Hacker News |
11.8.24 | Windows Update downgrade attack "unpatches" fully-updated systems | SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities | Attack | |
9.8.24 | Linux kernel impacted by new SLUBStick cross-cache attack | A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers. | Attack | |
8.8.24 | Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities | Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks | Attack | The Hacker News |
4.8.24 | Sitting Ducks DNS attacks let hackers hijack over 35,000 domains | Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar. | Attack | |
3.8.24 | Microsoft says massive Azure outage was caused by DDoS attack | Microsoft confirmed today that a nine-hour outage on Tuesday, which took down and disrupted multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack. | Attack | |
13.7.24 | New Blast-RADIUS attack bypasses widely-used RADIUS authentication | Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. | Attack | |
6.7.24 | OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers | French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 | Attack | The Hacker News |
5.7.24 | OVHcloud blames record-breaking DDoS attack on MikroTik botnet | OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps). | Attack | |
2.7.24 | New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data | Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be | Attack | The Hacker News |
2.7.24 | Latest Intel CPUs impacted by new Indirector side-channel attack | Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU. | Attack | |
| 17.6.24 | New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems | A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. | Attack | BleepingComputer |
26.5.24 | JAVS courtroom recording software backdoored in supply chain attack | Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems. | Attack | |
17.5.24 | New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks | Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard | Attack | The Hacker News |
10.5.24 | New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation | Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop | ||
| 9.5.24 | New attack leaks VPN traffic using rogue DHCP servers | A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. | Attack | |
| 8.5.24 | New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data | Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage | Attack | The Hacker News |
| 13.4.24 | New Spectre v2 attack impacts Linux systems on Intel CPUs | Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors. | Attack | |
| 29.3.24 | New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs | Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access) | Attack | The Hacker News |
| 27.3.24 | New ZenHammer memory attack impacts AMD Zen CPUs | Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips. | Attack | |
| 23.3.24 | New GoFetch attack on Apple Silicon CPUs can steal crypto keys | A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. | Attack | |
| 23.3.24 | New ‘Loop DoS’ attack may impact up to 300,000 online systems | A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. | Attack | |
| 21.3.24 | New acoustic attack determines keystrokes from typing patterns | Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise. | Attack | |
| 21.3.24 | New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems | A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting | Attack | The Hacker News |
| 7.3.24 | Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks | Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. | Attack | The Hacker News |
| 1.3.24 | New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems | Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have | Attack | |
| 23.2.24 | KeyTrap attack: Internet access disrupted with one DNS packet | A serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period. | Attack | |
| 9.2.24 | No, 3 million electric toothbrushes were not used in a DDoS attack | A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. | Attack | |
1.2.24 | Global fintech firm EquiLend offline after recent cyberattack | New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack. | Attack | |
31.1.24 | Jason’s Deli says customer data exposed in credential stuffing attack | Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. | Attack | |
26.1.24 | From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks | As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track | Attack | The Hacker News |
15.1.24 | DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023 | The environmental services industry witnessed an "unprecedented surge" in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half | Attack | The Hacker News |
11.1.24 | Mandiant's X Account Was Hacked Using Brute-Force Attack | The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a | Attack | The Hacker News |
9.1.24 | Mortgage firm loanDepot cyberattack impacts IT systems, payment portal | U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. | Attack | |
9.1.24 | KyberSlash attacks put quantum encryption projects at risk | Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption, are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys. | Attack | |
4.1.24 | Nearly 11 million SSH servers vulnerable to new Terrapin attacks | Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. | Attack | |
1.1.24 | New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security | Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell ( SSH ) cryptographic network protocol that.. |