exploit

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)

Chrome, Don't miss, exploit, Google, Hot stuff, News, security update, vulnerability /

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) 29/11/2023 at 14:46 By Helga Labus Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively exploited in the wild. About CVE-2023-6345 CVE-2023-6345, reported by Benoît Sevens and Clément Lecigne […]

React to this headline:

Loading spinner

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) Read More »

Vulnerability disclosure: Legal risks and ethical considerations for researchers

cybersecurity, data breach, Don't miss, exploit, extortion, Features, Government, Hot stuff, law, News, opinion, Privacy, Project Black, regulation, remediation, risk assessment, strategy, vulnerability disclosure /

Vulnerability disclosure: Legal risks and ethical considerations for researchers 27/11/2023 at 07:32 By Mirko Zorz In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in cybersecurity. Zhang explores the intricate balancing act that researchers must perform when navigating the interests of

React to this headline:

Loading spinner

Vulnerability disclosure: Legal risks and ethical considerations for researchers Read More »

KyberSwap attacker used ‘infinite money glitch’ to drain funds: DeFi expert

ambient, exploit, hack, kyberswap /

KyberSwap attacker used ‘infinite money glitch’ to drain funds: DeFi expert 23/11/2023 at 21:02 By Cointelegraph By Tom Blackstone By exploiting a bug, the attacker caused liquidity to be “double counted,” allowing them to get an unfair price for a swap. This article is an excerpt from Cointelegraph.com News View Original Source React to this

React to this headline:

Loading spinner

KyberSwap attacker used ‘infinite money glitch’ to drain funds: DeFi expert Read More »

KyberSwap DEX exploited for $46 million, TVL tanks 68%

DeFi, dex, exploit, hacker, kyberswap /

KyberSwap DEX exploited for $46 million, TVL tanks 68% 23/11/2023 at 05:02 By Cointelegraph By Martin Young The DEX aggregator has been exploited across multiple blockchains with millions in wrapped Ether and other assets stolen. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

KyberSwap DEX exploited for $46 million, TVL tanks 68% Read More »

Apache ActiveMQ bug exploited to deliver Kinsing malware

Apache ActiveMQ, cryptojacking, Don't miss, exploit, Hot stuff, Linux, Malware, News, Trend Micro, vulnerability /

Apache ActiveMQ bug exploited to deliver Kinsing malware 21/11/2023 at 15:02 By Helga Labus Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. CVE-2023-46604 exploitation Apache ActiveMQ is a popular Java-based open source message broker that allows communication between applications and services

React to this headline:

Loading spinner

Apache ActiveMQ bug exploited to deliver Kinsing malware Read More »

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)

CISA, Don't miss, enterprise, exploit, Hot stuff, News, PoC, Sophos, vulnerability /

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) 20/11/2023 at 14:47 By Helga Labus CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that has been patched by the company in April 2023. About CVE-2023-1671 CVE-2023-1671 is a pre-auth command injection vulnerability

React to this headline:

Loading spinner

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) Read More »

Danish energy sector hit by a wave of coordinated cyberattacks

critical infrastructure, cyberattack, Don't miss, energy sector, exploit, Hot stuff, News, SektorCERT, vulnerability, Zyxel /

Danish energy sector hit by a wave of coordinated cyberattacks 14/11/2023 at 21:16 By Helga Labus The Danish energy sector has suffered what is believed to be the most extensive cyberattack in Danish history, according to SektorCERT. Danish energy sector under attack SektorCERT, an organization owned and funded by Danish critical infrastructure (CI) companies, uses

React to this headline:

Loading spinner

Danish energy sector hit by a wave of coordinated cyberattacks Read More »

Juniper networking devices under attack

CISA, Don't miss, enterprise, exploit, firewall, Hot stuff, Juniper Networks, News, vulnerability, WatchTowr /

Juniper networking devices under attack 14/11/2023 at 16:46 By Zeljka Zorz CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be – and have been – chained

React to this headline:

Loading spinner

Juniper networking devices under attack Read More »

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)

0-day, Don't miss, exploit, extortion, Hot stuff, ITSM, Microsoft, News, Ransomware, security update, SysAid, web shell /

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) 09/11/2023 at 18:01 By Helga Labus A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day vulnerability (CVE-2023-34362) in Progress Software’s

React to this headline:

Loading spinner

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) Read More »

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network

Authentication Bypass, Big-IP, Citrix, CVE-2023-46747, CVE-2023-46748, CVE-2023-4966, exploit, Gateway Buffer Overflow, NetScaler, SQL injection, vulnerability /

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network 08/11/2023 at 16:02 By cybleinc Cyble’s Global Sensors capture multiple exploit attempts targeting vulnerable BIG-IP and Citrix NetScaler instances. The post Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network appeared first on Cyble. This article

React to this headline:

Loading spinner

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network Read More »

Looney Tunables bug exploited for cryptojacking

Aqua Security, cloud computing, cryptojacking, Don't miss, exploit, Hot stuff, Linux, News, vulnerability /

Looney Tunables bug exploited for cryptojacking 07/11/2023 at 12:46 By Helga Labus Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications

React to this headline:

Loading spinner

Looney Tunables bug exploited for cryptojacking Read More »

Ransomware attacks set to break records in 2023

attacks, Corvus Insurance, cybersecurity, exploit, News, Ransomware, report /

Ransomware attacks set to break records in 2023 01/11/2023 at 08:01 By Help Net Security Ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY), according to Corvus Insurance. In its Q2 2023 Global Ransomware Report, Corvus noted a significant resurgence in global

React to this headline:

Loading spinner

Ransomware attacks set to break records in 2023 Read More »

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)

Assetnote, Citrix, Don't miss, exploit, hardware, Hot stuff, Mandiant, NetScaler, News, Ransomware, vulnerability /

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) 30/10/2023 at 14:46 By Zeljka Zorz CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors. According to security researcher Kevin Beaumont’s cybersecurity industry sources, one ransomware group has already distributed a Python script to automate the

React to this headline:

Loading spinner

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) Read More »

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected

exploit, iOS, Kaspersky, Malware & Threats, Operation Triangulation /

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected 24/10/2023 at 22:01 By Ionut Arghire Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks. The post Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected Read More »

State-sponsored APTs are leveraging WinRAR bug

APT, Don't miss, DuskRise, exploit, Google, government-backed attacks, Hot stuff, News, phishing, spear-phishing, WinRAR /

State-sponsored APTs are leveraging WinRAR bug 18/10/2023 at 18:21 By Zeljka Zorz A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals

React to this headline:

Loading spinner

State-sponsored APTs are leveraging WinRAR bug Read More »

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

0-day, Citrix, Don't miss, exploit, Hot stuff, Mandiant, News, security update /

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) 18/10/2023 at 17:18 By Helga Labus A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security advisory, published on October 10, says that the vulnerability

React to this headline:

Loading spinner

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) Read More »

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

Cloud, cybersecurity, DNS, Don't miss, Expert analysis, Expert corner, exploit, GitHub, Hot stuff, misconfiguration, News, open source, opinion, SaaS, vulnerability, web application, WithSecure /

DIY attack surface management: Simple, cost-effective and actionable perimeter insights 16/10/2023 at 11:46 By Help Net Security Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only

React to this headline:

Loading spinner

DIY attack surface management: Simple, cost-effective and actionable perimeter insights Read More »

Stars Arena recovers 90% of stolen funds after offering $257K bounty

bounty, Crypto hack, deso, exploit, Friend Tech, hack, stars arena, web3 social /

Stars Arena recovers 90% of stolen funds after offering $257K bounty 12/10/2023 at 05:02 By Cointelegraph By Jesse Coghlan The exploiter of the Web3 social media platform agreed to keep a 10% bounty in exchange for returning the remainder of the stolen funds. This article is an excerpt from Cointelegraph.com News View Original Source React

React to this headline:

Loading spinner

Stars Arena recovers 90% of stolen funds after offering $257K bounty Read More »

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

Atlassian, Atlassian Confluence, Don't miss, exploit, GreyNoise, Hot stuff, Microsoft, News, Rapid7, vulnerability /

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor 11/10/2023 at 14:18 By Helga Labus A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data

React to this headline:

Loading spinner

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor Read More »

Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal

botnet, exploit, Malware & Threats, Mirai /

Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal 10/10/2023 at 19:07 By Ionut Arghire A Mirai botnet variant tracked as IZ1H9 has updated its arsenal with 13 exploits targeting various routers, IP cameras, and other IoT devices. The post Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal Read More »

Scroll to Top