exploit

Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412

Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412 2024-07-05 at 16:48 By Neetha Key Takeaways  Overview  The Zero Day Initiative (ZDI) uncovered a sophisticated DarkGate campaign in mid-January 2024, exploiting CVE-2024-21412 through fake software installers. On February 13, 2024, Microsoft patched this Microsoft Defender SmartScreen vulnerability, which involved internet shortcuts. Later, the APT group […]

React to this headline:

Loading spinner

Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412 Read More »

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) 2024-06-27 at 12:31 By Zeljka Zorz A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to patch their installations as soon as possible.

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) Read More »

Mass exploitation is the new primary attack vector for ransomware

Mass exploitation is the new primary attack vector for ransomware 2024-06-18 at 07:01 By Help Net Security The cyber threat landscape in 2023 and 2024 has been dominated by mass exploitation, according to WithSecure. Edge service KEV vulnerability trends 64% of all edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) in the Known Exploited

React to this headline:

Loading spinner

Mass exploitation is the new primary attack vector for ransomware Read More »

CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability

CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability 2024-06-14 at 18:31 By Neetha Overview  On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the PHP official team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature

React to this headline:

Loading spinner

CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability Read More »

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability 

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability  2024-06-14 at 18:16 By Neetha Overview  On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the PHP official team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature on

React to this headline:

Loading spinner

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability  Read More »

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) 2024-06-13 at 15:01 By Zeljka Zorz An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and one

React to this headline:

Loading spinner

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) Read More »

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) 2024-05-29 at 13:01 By Zeljka Zorz Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it

React to this headline:

Loading spinner

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) Read More »

Pump.fun exploiter claims he was arrested in UK and now on bail

Pump.fun exploiter claims he was arrested in UK and now on bail 2024-05-20 at 08:01 By Cointelegraph by Jesse Coghlan The ex-employee alleged of exploiting pump.fun for $1.9 million claims he was arrested and charged in Britain and is now on bail. This article is an excerpt from Cointelegraph.com News View Original Source React to

React to this headline:

Loading spinner

Pump.fun exploiter claims he was arrested in UK and now on bail Read More »

Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack

Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack 2024-05-18 at 02:01 By Cointelegraph by Christopher Roark The team behind the Bitcoin layer-2 developer has successfully frozen some exploited crypto after the attacker tried to cash out by sending funds to exchanges. This article is an excerpt from Cointelegraph.com News View Original

React to this headline:

Loading spinner

Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack Read More »

Organizations struggle to defend against ransomware

Organizations struggle to defend against ransomware 2024-05-17 at 07:01 By Help Net Security In this Help Net Security video, Jeremy Nichols, Director, Global Threat Intelligence Center at NTT Security Holdings, discusses a recent surge in ransomware incidents. After a down year in 2022, ransomware and extortion incidents increased in 2023. More than 5,000 ransomware victims

React to this headline:

Loading spinner

Organizations struggle to defend against ransomware Read More »

Binance develops ‘antidote’ to address poisoning scams after $68M exploit

Binance develops ‘antidote’ to address poisoning scams after $68M exploit 2024-05-16 at 14:01 By Cointelegraph by Zoltan Vardai Binance’s new algorithm has already helped detect over 13.4 million spoofed blockchain addresses on BNB and over 1.68 million on Ethereum. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Binance develops ‘antidote’ to address poisoning scams after $68M exploit Read More »

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) 2024-05-16 at 12:01 By Zeljka Zorz For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild. About CVE-2024-4947 CVE-2024-4947 is a type confusion vulnerability in V8, Chrome’s JavaScript and WebAssembly

React to this headline:

Loading spinner

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) Read More »

Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiK

Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiK 2024-05-15 at 00:02 By Cointelegraph by Christopher Roark The deployer account changed an Alex contract’s implementation address, and multiple tokens were subsequently drained from its bridge. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiK Read More »

CertiK discovered $5M security flaw in Wormhole bridge on Aptos

CertiK discovered $5M security flaw in Wormhole bridge on Aptos 2024-05-13 at 23:01 By Cointelegraph by Christopher Roark A flaw in the bridge could have allowed an attacker to produce fake token transfers, but it was discovered and patched before anyone could take advantage of it. This article is an excerpt from Cointelegraph.com News View

React to this headline:

Loading spinner

CertiK discovered $5M security flaw in Wormhole bridge on Aptos Read More »

Rain exchange suffered $14.1M in suspicious outflows 2 weeks ago — ZachXBT

Rain exchange suffered $14.1M in suspicious outflows 2 weeks ago — ZachXBT 2024-05-13 at 20:01 By Cointelegraph by Christopher Roark Several wallets reportedly belonging to Rain sent suspicious token transfers to a new address. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Rain exchange suffered $14.1M in suspicious outflows 2 weeks ago — ZachXBT Read More »

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) 2024-05-10 at 12:16 By Zeljka Zorz Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigger an exploitable heap

React to this headline:

Loading spinner

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) Read More »

Bugs in Gains Network fork let traders profit 900% on every trade: Report

Bugs in Gains Network fork let traders profit 900% on every trade: Report 2024-05-10 at 00:05 By Cointelegraph by Christopher Roark An attacker could have placed a limit buy order with an arbitrarily high open price to automatically win every trade, the Zellic security platform discovered. This article is an excerpt from Cointelegraph.com News View

React to this headline:

Loading spinner

Bugs in Gains Network fork let traders profit 900% on every trade: Report Read More »

Kronos Research hacker shifts funds to Tornado Cash

Kronos Research hacker shifts funds to Tornado Cash 2024-05-07 at 11:01 By Cointelegraph by Prashant Jha Kronos Research was exploited for $25 million in November last year, and one of the six wallets linked to the hacker started moving funds to Tornado Cash on May 7. This article is an excerpt from Cointelegraph.com News View

React to this headline:

Loading spinner

Kronos Research hacker shifts funds to Tornado Cash Read More »

GNUS Discord hack causes $1.27M in losses

GNUS Discord hack causes $1.27M in losses 2024-05-06 at 22:04 By Cointelegraph by Christopher Roark The attacker was able to view team members’ private Discord messages, allowing them to gain access to the team’s wallet address and mint 100 million fake tokens. This article is an excerpt from Cointelegraph.com News View Original Source React to

React to this headline:

Loading spinner

GNUS Discord hack causes $1.27M in losses Read More »

Hundred Finance hacker moves stolen assets a year after $7M exploit

Hundred Finance hacker moves stolen assets a year after $7M exploit 2024-05-02 at 15:01 By Cointelegraph by Ezra Reguerra The hacker holds about $4.3 million in various crypto assets in their Ethereum wallet. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Hundred Finance hacker moves stolen assets a year after $7M exploit Read More »

Scroll to Top