exploit

Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits

exploit, Featured, Vulnerabilities /

Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits 2024-04-08 at 15:46 By Ionut Arghire Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days. The post Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits Read More »

How malicious email campaigns continue to slip through the cracks

Cofense, communication, cybersecurity, Don't miss, Email, exploit, Hot stuff, phishing, QR codes, Video, vishing /

How malicious email campaigns continue to slip through the cracks 2024-04-08 at 07:01 By Help Net Security In this Help Net Security video, Josh Bartolomie, VP of Global Threat Services at Cofense, discusses how email will remain a target as long as it remains the predominant form of communication within a business. Cofense researchers have

How malicious email campaigns continue to slip through the cracks Read More »

Telegram trading bot Solareum shutters days after $520K exploit

exploit, sol, Solana, Solareum, Telegram, trading bot, wallet drainer /

Telegram trading bot Solareum shutters days after $520K exploit 2024-04-02 at 10:01 By Cointelegraph by Martin Young The team cited insufficient funds, evolving market trends, and a recent security breach for its closure. This article is an excerpt from Cointelegraph.com News View Original Source

Telegram trading bot Solareum shutters days after $520K exploit Read More »

Prisma Finance says $540K still at risk, hacker demands team reveal themselves

attack, exploit, Loan, Onchain Message, Onchain Proposal, Prisma Finance, Smart Contract Vulnerability, Trove /

Prisma Finance says $540K still at risk, hacker demands team reveal themselves 2024-04-01 at 05:02 By Cointelegraph by Brayden Lindrea The decentralized borrowing protocol said there were still 14 accounts that have yet to revoke the affected smart contract that caused $11.6 million to be exploited last week. This article is an excerpt from Cointelegraph.com

Prisma Finance says $540K still at risk, hacker demands team reveal themselves Read More »

Zero-day exploitation surged in 2023, Google finds

0-day, APT, cybercrime, Don't miss, exploit, Google, Hot stuff, Mandiant, News, spyware /

Zero-day exploitation surged in 2023, Google finds 2024-03-28 at 17:17 By Zeljka Zorz 2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from

Zero-day exploitation surged in 2023, Google finds Read More »

Hacker mints 1B tokens in $16M Curio smart contract exploit

Curio, exploit, hack /

Hacker mints 1B tokens in $16M Curio smart contract exploit 2024-03-26 at 14:02 By Cointelegraph by Ezra Reguerra Curio said it will conduct a fund compensation program for affected liquidity providers, which could potentially take up to one year to complete. This article is an excerpt from Cointelegraph.com News View Original Source

Hacker mints 1B tokens in $16M Curio smart contract exploit Read More »

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

Don't miss, exploit, Hot stuff, JetBrains, Malware, News, Ransomware, Remote Access Trojan, Trend Micro, vulnerability /

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware 2024-03-21 at 12:01 By Helga Labus Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware Read More »

$200,000 Awarded at Pwn2Own 2024 for Tesla Hack

exploit, Featured, IoT Security, Pwn2Own, Tesla, Vulnerabilities /

$200,000 Awarded at Pwn2Own 2024 for Tesla Hack 2024-03-21 at 11:46 By Eduard Kovacs Participants earned a total of $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software. The post $200,000 Awarded at Pwn2Own 2024 for Tesla Hack appeared first on SecurityWeek. This article is an

$200,000 Awarded at Pwn2Own 2024 for Tesla Hack Read More »

Old Dolomite exchange contract suffers $1.8M loss from approval exploit

CertiK, dolomite, exploit, hack /

Old Dolomite exchange contract suffers $1.8M loss from approval exploit 2024-03-21 at 00:01 By Cointelegraph by Christopher Roark The Ethereum version of Dolomite suffered a $1.8 million exploit, and the team is warning users to revoke approvals for this old address. This article is an excerpt from Cointelegraph.com News View Original Source

Old Dolomite exchange contract suffers $1.8M loss from approval exploit Read More »

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Don't miss, exploit, Fortra, Hot stuff, News, PoC, security update, vulnerability /

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) 2024-03-19 at 14:01 By Helga Labus Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that includes several components: FileCatalyst Direct, Workflow, and

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) Read More »

Mozaic Finance hacked for $2.4M via private key compromise

arbitrum, exploit, hack, mexc, mozaic finance, private key /

Mozaic Finance hacked for $2.4M via private key compromise 2024-03-15 at 23:17 By Cointelegraph by Christopher Roark The yield farming app was exploited through a possible private key compromise, according to a CertiK report. This article is an excerpt from Cointelegraph.com News View Original Source

Mozaic Finance hacked for $2.4M via private key compromise Read More »

NetMind platform ‘has not been compromised,’ claims team after miner hack FUD

BNB, exploit, hack, netmind /

NetMind platform ‘has not been compromised,’ claims team after miner hack FUD 2024-03-15 at 20:04 By Cointelegraph by Christopher Roark NetMind AI claimed that the token crash was caused by an individual miner being hacked, not by a platform-wide exploit. This article is an excerpt from Cointelegraph.com News View Original Source

NetMind platform ‘has not been compromised,’ claims team after miner hack FUD Read More »

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334) 

exploit, vulnerability /

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)  2024-03-15 at 11:01 By neetha871ad236bd CGSI captures potential exploitation of an Aiohttp vulnerability by the ShadowSyndicate Group. The post CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)  appeared first on Cyble. This article is an excerpt from Cyble View Original Source

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)  Read More »

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve, backup, disaster recovery, Don't miss, enterprise, exploit, Hot stuff, News, PoC, SMBs, Tenable /

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) 2024-03-14 at 13:00 By Zeljka Zorz Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) Read More »

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

backdoor, Check Point, Don't miss, exploit, Hot stuff, Linux, Malware, News, vulnerability, Windows /

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware 2024-03-12 at 11:01 By Helga Labus A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connect Secure VPN flaws that are widely

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware Read More »

DeFi protocol Unizen to provide ‘immediate reimbursement’ after $2.1M hack

exploit, hack, hackers /

DeFi protocol Unizen to provide ‘immediate reimbursement’ after $2.1M hack 2024-03-11 at 11:01 By Cointelegraph by Ezra Reguerra DeFi protocol Unizen announced that it will issue an immediate refund to users who lost their funds to an exploit this weekend. This article is an excerpt from Cointelegraph.com News View Original Source

DeFi protocol Unizen to provide ‘immediate reimbursement’ after $2.1M hack Read More »

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation

exploit, vulnerability /

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation 2024-03-07 at 12:25 By neetha871ad236bd Cyble Global Sensor Intelligence observes active exploitation of JetBrains TeamCity Authentication Bypass vulnerability. The post JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation appeared first on Cyble. This article is an excerpt from Cyble View Original Source

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation Read More »

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, enterprise, exploit, Hot stuff, Huntress, Malware, Mandiant, News, Ransomware, remote access, remote management, Sophos, vulnerability /

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) 2024-02-26 at 13:36 By Zeljka Zorz The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect is a remote desktop solution consisting of server and client

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) Read More »

CVE count set to rise by 25% in 2024

Coalition, CVE, cybersecurity, exploit, News, patching, RDP, report, vulnerability management /

CVE count set to rise by 25% in 2024 2024-02-26 at 07:00 By Help Net Security The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month. Sharp CVE increase heightens software vulnerability concerns Vulnerabilities

CVE count set to rise by 25% in 2024 Read More »

The old, not the new: Basic security issues still biggest threat to enterprises

credentials, critical infrastructure, cybercrime, cybersecurity, exploit, generative AI, IBM, IBM X-Force, identity, News, report /

The old, not the new: Basic security issues still biggest threat to enterprises 2024-02-23 at 08:01 By Help Net Security In 2023, cybercriminals saw more opportunities to “log in” versus hack into corporate networks through valid accounts – making this tactic a preferred weapon for threat actors, according to IBM’s 2024 X-Force Threat Intelligence Index.

The old, not the new: Basic security issues still biggest threat to enterprises Read More »

Scroll to Top