exploit

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

APT, Don't miss, exploit, Government, government-backed attacks, Hot stuff, Malware, News, Russian Federation /

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites 2024-08-29 at 16:16 By Zeljka Zorz Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly […]

React to this headline:

Loading spinner

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites Read More »

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

APT, CVE, cybercrime, Don't miss, ESET, exploit, Hot stuff, News, Windows /

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) 2024-08-28 at 12:02 By Help Net Security ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET discovered another way to

React to this headline:

Loading spinner

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) Read More »

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

exploit, Featured, Microsoft, Patch Tuesday, Vulnerabilities, Windows, Zero-Day /

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited 2024-08-13 at 23:01 By Ryan Naraine Microsoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category. The post Microsoft Warns of Six Windows Zero-Days Being Actively Exploited appeared first on SecurityWeek.

React to this headline:

Loading spinner

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited Read More »

CrowdStrike Dismisses Claims of Exploitability in Falcon Sensor Bug

CrowdStrike, exploit, Featured, Incident Response, Qihoo 360, Vulnerabilities /

CrowdStrike Dismisses Claims of Exploitability in Falcon Sensor Bug 2024-08-08 at 20:46 By Ryan Naraine CrowdStrike dismissed claims that the Falcon EDR sensor bug could be exploited for privilege escalation or remote code execution. The post CrowdStrike Dismisses Claims of Exploitability in Falcon Sensor Bug appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

CrowdStrike Dismisses Claims of Exploitability in Falcon Sensor Bug Read More »

Vulnerability in Telegram app for Android allows sending malicious files disguised as videos

cybercrime, ESET, exploit, News /

Vulnerability in Telegram app for Android allows sending malicious files disguised as videos 2024-07-23 at 12:16 By Help Net Security ESET researchers discovered a zero-day exploit, which targets the Telegram app for Android, that appeared for sale for an unspecified price in an underground forum post from June 2024. Example of how the EvilVideo exploit

React to this headline:

Loading spinner

Vulnerability in Telegram app for Android allows sending malicious files disguised as videos Read More »

Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412

exploit, vulnerability /

Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412 2024-07-05 at 16:48 By Neetha Key Takeaways  Overview  The Zero Day Initiative (ZDI) uncovered a sophisticated DarkGate campaign in mid-January 2024, exploiting CVE-2024-21412 through fake software installers. On February 13, 2024, Microsoft patched this Microsoft Defender SmartScreen vulnerability, which involved internet shortcuts. Later, the APT group

React to this headline:

Loading spinner

Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412 Read More »

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

CVE, Don't miss, exploit, file-sharing, Fortra, Hot stuff, MFT, News, PoC, SQL injection, Tenable, vulnerability /

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) 2024-06-27 at 12:31 By Zeljka Zorz A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to patch their installations as soon as possible.

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) Read More »

Mass exploitation is the new primary attack vector for ransomware

CVE, cybersecurity, exploit, News, report, survey, WithSecure /

Mass exploitation is the new primary attack vector for ransomware 2024-06-18 at 07:01 By Help Net Security The cyber threat landscape in 2023 and 2024 has been dominated by mass exploitation, according to WithSecure. Edge service KEV vulnerability trends 64% of all edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) in the Known Exploited

React to this headline:

Loading spinner

Mass exploitation is the new primary attack vector for ransomware Read More »

CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability

exploit, vulnerability /

CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability 2024-06-14 at 18:31 By Neetha Overview  On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the PHP official team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature

React to this headline:

Loading spinner

CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability Read More »

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability 

exploit, vulnerability /

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability  2024-06-14 at 18:16 By Neetha Overview  On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the PHP official team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature on

React to this headline:

Loading spinner

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability  Read More »

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

CVE, Devcore, Don't miss, exploit, Hot stuff, Imperva, News, PHP, Ransomware, vulnerability, WatchTowr, Windows /

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) 2024-06-13 at 15:01 By Zeljka Zorz An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and one

React to this headline:

Loading spinner

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) Read More »

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

CVE, Don't miss, enterprise, exploit, Fortinet, Horizon3.ai, Hot stuff, News, PoC, vulnerability /

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) 2024-05-29 at 13:01 By Zeljka Zorz Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it

React to this headline:

Loading spinner

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) Read More »

Pump.fun exploiter claims he was arrested in UK and now on bail

arrested, bail, exploit, Memecoin, pump.fun /

Pump.fun exploiter claims he was arrested in UK and now on bail 2024-05-20 at 08:01 By Cointelegraph by Jesse Coghlan The ex-employee alleged of exploiting pump.fun for $1.9 million claims he was arrested and charged in Britain and is now on bail. This article is an excerpt from Cointelegraph.com News View Original Source React to

React to this headline:

Loading spinner

Pump.fun exploiter claims he was arrested in UK and now on bail Read More »

Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack

alex bridge, alex labs, alex protocol, BNB Smart Chain, CEXs, exploit, hack, hack recovery, hackers /

Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack 2024-05-18 at 02:01 By Cointelegraph by Christopher Roark The team behind the Bitcoin layer-2 developer has successfully frozen some exploited crypto after the attacker tried to cash out by sending funds to exchanges. This article is an excerpt from Cointelegraph.com News View Original

React to this headline:

Loading spinner

Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack Read More »

Organizations struggle to defend against ransomware

critical infrastructure, cybersecurity, Don't miss, exploit, extortion, Hot stuff, NTT Security, Ransomware, supply chain, Video /

Organizations struggle to defend against ransomware 2024-05-17 at 07:01 By Help Net Security In this Help Net Security video, Jeremy Nichols, Director, Global Threat Intelligence Center at NTT Security Holdings, discusses a recent surge in ransomware incidents. After a down year in 2022, ransomware and extortion incidents increased in 2023. More than 5,000 ransomware victims

React to this headline:

Loading spinner

Organizations struggle to defend against ransomware Read More »

Binance develops ‘antidote’ to address poisoning scams after $68M exploit

Address Poisoning Scam, Address Spoofing, Binance Security, Bitcoin Scams, crypto scam, Cryptocurrencies, cybersecurity, exploit, scams, security /

Binance develops ‘antidote’ to address poisoning scams after $68M exploit 2024-05-16 at 14:01 By Cointelegraph by Zoltan Vardai Binance’s new algorithm has already helped detect over 13.4 million spoofed blockchain addresses on BNB and over 1.68 million on Ethereum. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Binance develops ‘antidote’ to address poisoning scams after $68M exploit Read More »

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)

0-day, Chrome, Don't miss, exploit, Hot stuff, Kaspersky, News, security update /

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) 2024-05-16 at 12:01 By Zeljka Zorz For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild. About CVE-2024-4947 CVE-2024-4947 is a type confusion vulnerability in V8, Chrome’s JavaScript and WebAssembly

React to this headline:

Loading spinner

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) Read More »

Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiK

alex, Bitcoin Layer 2, bridge, CertiK, exploit, private key hack /

Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiK 2024-05-15 at 00:02 By Cointelegraph by Christopher Roark The deployer account changed an Alex contract’s implementation address, and multiple tokens were subsequently drained from its bridge. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiK Read More »

CertiK discovered $5M security flaw in Wormhole bridge on Aptos

Aptos, bug, CertiK, cybersecurity, exploit, hack, wormhole /

CertiK discovered $5M security flaw in Wormhole bridge on Aptos 2024-05-13 at 23:01 By Cointelegraph by Christopher Roark A flaw in the bridge could have allowed an attacker to produce fake token transfers, but it was discovered and patched before anyone could take advantage of it. This article is an excerpt from Cointelegraph.com News View

React to this headline:

Loading spinner

CertiK discovered $5M security flaw in Wormhole bridge on Aptos Read More »

Rain exchange suffered $14.1M in suspicious outflows 2 weeks ago — ZachXBT

BitGo, exploit, hack, rain, ZachXBT /

Rain exchange suffered $14.1M in suspicious outflows 2 weeks ago — ZachXBT 2024-05-13 at 20:01 By Cointelegraph by Christopher Roark Several wallets reportedly belonging to Rain sent suspicious token transfers to a new address. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Rain exchange suffered $14.1M in suspicious outflows 2 weeks ago — ZachXBT Read More »

Scroll to Top