January(137) February(207) March(430) April(317) May(278) June(237) July(216) August(316) September(186) October(24) November(114) December(126)
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
|
29.11.24 |
"Operation Undercut"Shows Multifaceted Nature of SDA’s Influence Operations |
OPERATION |
||
|
29.11.24 |
Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) platforms, which are increasingly popular among threat actors. |
PHISHING |
||
|
29.11.24 |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), |
CVE |
||
|
28.11.24 |
Dozens of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining and Data Theft |
HACKING |
||
|
28.11.24 |
Gaming Engines: An Undetected Playground for Malware Loaders |
LOADER |
||
|
28.11.24 |
An Update on Recent Cyberattacks Targeting the US Wireless Companies |
INCIDENT |
||
|
28.11.24 |
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. |
CVE |
||
|
27.11.24 |
Bootkitty: Analyzing the first UEFI bootkit for Linux |
BOOTKIT |
||
|
27.11.24 |
Attacks by the attack group APT-C-60 using legitimate services |
APT |
||
|
27.11.24 |
Matrix Unleashes A New Widespread DDoS Campaign |
BOTNET |
||
|
26.11.24 |
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing |
CVE |
||
|
26.11.24 |
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' |
CVE |
||
|
26.11.24 |
(CVSS score: 9.8) - A use-after-free vulnerability in Firefox's Animation component (Patched by Mozilla in October 2024) |
CVE |
||
|
26.11.24 |
(CVSS score: 8.8) - A privilege escalation vulnerability in Windows Task Scheduler (Patched by Microsoft in November 2024) |
CVE |
||
|
26.11.24 |
RomCom exploits Firefox and Windows zero days in the wild |
GROUP |
||
|
26.11.24 |
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries |
RAT |
||
|
26.11.24 |
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions |
GROUP |
||
|
26.11.24 |
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. |
CVE |
||
|
25.11.24 |
The Dark Side of Domain-Specific Languages: Uncovering New Attack Techniques in OPA and Terraform |
ATTACK |
||
|
25.11.24 |
When Guardians Become Predators: How Malware Corrupts the Protectors |
ROOTKIT |
||
|
23.11.24 |
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON |
GROUP |
||
|
22.11.24 |
Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell |
APT |
||
|
22.11.24 |
Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY |
GROUP |
||
|
22.11.24 |
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike |
GROUP |
||
|
22.11.24 |
Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository. |
STEALER |
||
|
22.11.24 |
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) |
CVE |
||
|
22.11.24 |
CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface |
CVE |
||
|
21.11.24 |
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine |
LINUX BACKDOOR |
||
|
21.11.24 |
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine |
GROUP |
||
|
21.11.24 |
Attacks on Ukraine’s Energy Infrastructure: Harm to the Civilian Population |
MALWARE |
||
|
21.11.24 |
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. |
CVE |
||
|
21.11.24 |
Python NodeStealer Targets Facebook Ads Manager with New Techniques |
STEALER |
||
|
20.11.24 |
Ghost Tap: New cash-out tactic with NFC Relay |
NFC |
||
|
19.11.24 |
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. |
CVE |
||
|
19.11.24 |
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, |
CVE |
||
|
19.11.24 |
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. |
CVE |
||
|
19.11.24 |
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. |
CVE |
||
|
19.11.24 |
Unveiling LIMINAL PANDA: A Closer Look at China's Cyber Threats to the Telecom Sector |
GROUP |
||
|
19.11.24 |
(CVSS score: 8.8) - A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content |
CVE |
||
|
19.11.24 |
(CVSS score: 6.1) - A cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious web content |
CVE |
||
|
19.11.24 |
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). |
CVE |
||
|
19.11.24 |
One Sock Fits All: The use and abuse of the NSOCKS botnet |
BOTNET |
||
|
19.11.24 |
Helldown Ransomware: an overview of this emerging threat |
RANSOMWARE |
||
|
19.11.24 |
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. |
CVE |
||
|
19.11.24 |
Babble Babble Babble Babble Babble Babble BabbleLoader |
LOADER |
||
|
18.11.24 |
The Abuse of ITarian RMM by Dolphin Loader |
LOADER |
||
|
18.11.24 |
LodaRAT: Established Malware, New Victim Patterns |
RAT |
||
|
18.11.24 |
Mr.Skeleton RAT - new malware based on the njRAT code |
RAT |
||
|
18.11.24 |
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. |
CVE |
||
|
16.11.24 |
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) |
CVE |
||
|
16.11.24 |
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA |
GROUP |
||
|
16.11.24 |
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA |
STEALER |
||
|
15.11.24 |
Malware Spotlight: A Deep-Dive Analysis of WezRat |
RAT |
||
|
15.11.24 |
New PXA Stealer targets government and education sectors for sensitive information |
STEALER |
||
|
15.11.24 |
PostgreSQL PL/Perl environment variable changes execute arbitrary code |
CVE |
||
|
15.11.24 |
(CVSS score: 9.9) - Palo Alto Networks Expedition OS Command Injection Vulnerability |
CVE |
||
|
15.11.24 |
(CVSS score: 9.3) - Palo Alto Networks Expedition SQL Injection Vulnerability |
CVE |
||
|
14.11.24 |
DNS Predators Hijack Domains to Supply their Attack Infrastructure |
DNS |
||
|
14.11.24 |
Stealthy Attributes of Lazarus APT Group: Evading Detection with Extended Attributes |
DOWNLOADER |
||
|
14.11.24 |
CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the wild |
CVE |
||
|
13.11.24 |
Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity |
GROUP |
||
|
13.11.24 |
Iranian “Dream Job” Campaign 11.24 |
CAMPAIGN |
||
|
13.11.24 |
(CVSS score: 6.5) - Windows NTLM Hash Disclosure Spoofing Vulnerability |
CVE |
||
|
13.11.24 |
(CVSS score: 8.8) - Windows Task Scheduler Elevation of Privilege Vulnerability |
CVE |
||
|
13.11.24 |
(CVSS v4 score: 9.2), which allows an attacker to impersonate a hub and hijack a device |
CVE |
||
|
13.11.24 |
(CVSS v4 score: 9.2), which allows an attacker to claim arbitrary unclaimed devices by bypassing the requirement for a serial number |
CVE |
||
|
13.11.24 |
(CVSS v4 score: 9.2), which allows an attacker to upload arbitrary firmware updates resulting in code execution |
CVE |
||
|
13.11.24 |
(CVSS v4 score: 9.1), which allows an attacker to impersonate a hub and unclaim devices arbitrarily and subsequently exploit other flaws to claim it |
CVE |
||
|
12.11.24 |
(CVSS score: 5.1) - Privilege escalation to NetworkService Account access |
CVE |
||
|
12.11.24 |
(CVSS score: 5.1) - Limited remote code execution with the privilege of a NetworkService Account access |
CVE |
||
|
12.11.24 |
APT Actors Embed Malware within macOS Flutter Applications |
MacOS |
||
|
12.11.24 |
Ymir: new stealthy ransomware in the wild |
STEALER |
||
|
11.11.24 |
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign |
LOADER |
||
|
11.11.24 |
Machine Learning Bug Bonanza – Exploiting ML Services |
AI |
EXPLOIT |
|
|
08.11.24 |
Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave |
BOTNET |
||
|
08.11.24 |
Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT |
RAT |
||
|
08.11.24 |
Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber |
STEALER |
||
|
08.11.24 |
CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging |
LINUX |
||
|
08.11.24 |
Android Framework Privilege Escalation Vulnerability |
CVE |
||
|
08.11.24 |
CyberPanel Incorrect Default Permissions Vulnerability |
CVE |
||
|
08.11.24 |
Nostromo nhttpd Directory Traversal Vulnerability |
CVE |
||
|
08.11.24 |
Palo Alto Expedition Missing Authentication Vulnerability |
CVE |
||
|
08.11.24 |
BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence |
CRYPTO |
||
|
07.11.24 |
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits |
EXPLOIT |
||
|
07.11.24 |
New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency |
TROJAN |
||
|
07.11.24 |
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated |
CVE |
||
|
07.11.24 |
Unmasking VEILDrive: Threat Actors Exploit Microsoft Services for C2 |
EXPLOIT |
||
|
06.11.24 |
Threat Campaign Spreads Winos4.0 Through Game Application |
TROJAN |
||
|
06.11.24 |
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM |
BANKING |
||
|
05.11.24 |
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 |
CVE |
||
|
05.11.24 |
Typosquat Campaign Targeting npm Developers |
MALWARE |
||
|
05.11.24 |
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. |
CVE |
||
|
04.11.24 |
As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a new variant of a well-known malware previously reported by ThreatFabric and Kaspersky. |
ANDROID |
||
|
04.11.24 |
(CVSS score: 7.5) - A vulnerability that an attacker can exploit using /api/create an endpoint to determine the existence of a file in the server (Fixed in version 0.1.47) |
CVE |
||
|
04.11.24 |
(CVSS score: 8.2) - An out-of-bounds read vulnerability that could cause the application to crash by means of the /api/create endpoint, resulting in a DoS condition (Fixed in version 0.1.46) |
CVE |
||
|
04.11.24 |
(CVSS score: 7.5) - A vulnerability that causes resource exhaustion and ultimately a DoS when invoking the /api/create endpoint repeatedly when passing the file "/dev/random" as input (Fixed in version 0.1.34) |
CVE |
||
|
04.11.24 |
(CVSS score: 7.5) - A path traversal vulnerability in the api/push endpoint that exposes the files existing on the server and the entire directory structure on which Ollama is deployed (Fixed in version 0.1.46) |
CVE |
||
|
1.11.24 |
A new variant of the Android malware called FakeCall has been observed in the wild. |
|||
|
1.11.24 |
Sauron is a new ransomware variant recently found in the wild. The malware appends ".sauron" extension to the encrypted files. The ransom note is dropped in form of a text file called "#HowToRecover.txt" on the affected machines. |
|||
|
1.11.24 |
UNC5812 campaigns against Ukraine with Android and Windows malware |
A recent report highlighted activity attributed to a suspected Russian threat actor identified as UNC5812. The activity involved distributions of Android and Windows malware targeting Ukranian military recruits. |
||
|
1.11.24 |
A new campaign delivering the Bumblebee loader has been reported this month. Bumblebee is a highly sophisticated downloader variant discovered initially back in 2022. |
|||
|
1.11.24 |
CVE-2024-40711 is a recently disclosed critical (CVSS score 9.8) deserialization vulnerability affecting the Veeam Backup and Replication software in version 12.1.2.172 or older. |
|||
|
1.11.24 |
A campaign involving a malicious Android app called "Lounge Pass" targeting air travelers at Indian airports has been observed. Distributed through fake domains, the app intercepts and forwards SMS messages from victims' devices to cybercriminals, leading to significant financial losses. |
|||
|
1.11.24 |
Adware Campaign uses Fake CAPTCHA to deliver Lumma and Amadey malware |
Threat actors are increasingly using fake CAPTCHA as an initial attack vector. A recent adware campaign is targeting online users by presenting them with fake CAPTCHA or update prompts. |
||
|
1.11.24 |
TeamTNT targets cloud-native environments in new Cryptojacking campaign |
A new campaign by the cryptojacking group TeamTNT has been reported targeting cloud-native environments for cryptocurrency mining and reselling compromised servers. |
||
|
1.11.24 |
Rekoobe malware found potentially targeting TradingView users |
An open directory has been discovered hosting Rekoobe malware, potentially aimed at targeting TradingView users along with other cyber espionage campaigns. |
||
|
1.11.24 |
Daggerfly targets Taiwanese entities with new CloudScout Toolset |
China-linked threat actor Daggerfly (also known as Evasive Panda) has been reported targeting a government entity and a religious organization in Taiwan with a previously undocumented post-compromise toolset called CloudScout. |
||
|
1.11.24 |
Daggerfly targets Taiwanese entities with new CloudScout Toolset |
Researchers have recently uncovered a malicious campaign spreading the XWorm RAT trojan via fake emails posing as official communications from Namirial, a software and service company. |
||
|
1.11.24 |
Researchers have recently uncovered a malicious campaign spreading the XWorm RAT trojan via fake emails posing as official communications from Namirial, a software and service company. |
|||
|
1.11.24 |
A researcher recently identified a multi-stage cyberattack targeting the healthcare industry, initiated through a ZIP file containing a malicious shortcut (.lnk) file, likely spread via phishing emails. |
|||
|
1.11.24 |
Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards. |
SECURITY |
SECURITY |
|
|
1.11.24 |
Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit |
PHISHING KIT |
||
|
1.11.24 |
In May 2024, ThreatFabric published a report about LightSpy for macOS. During that investigation, we discovered that the threat actor was using the same server for both macOS and iOS campaigns. |
iOS |
||
|
1.11.24 |
Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin |
This blog post is about the LiteSpeed plugin vulnerability. If you’re a LiteSpeed user, please update the plugin to at least version 6.5.2. |
VULNEREBILITY |
|