Malware & Threats

Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway

Citrix, Citrix Bleed, exploited, Malware & Threats, Vulnerabilities /

Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway 01/11/2023 at 17:31 By Ionut Arghire Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway. The post Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source […]

React to this headline:

Loading spinner

Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway Read More »

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

Malware, Malware & Threats /

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution 01/11/2023 at 16:01 By Ionut Arghire Threat actors are constantly publishing malicious NuGet packages to automatically execute code on developers’ machines. The post Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution Read More »

Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack

cloud security, Fraud & Identity Theft, Malware & Threats, Slack, Wiki-Slack, Wikipedia /

Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack 30/10/2023 at 16:46 By Ionut Arghire Researchers document the Wiki-Slack attack, a new technique that uses modified Wikipedia pages to target end users on Slack. The post Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack appeared first on SecurityWeek.

React to this headline:

Loading spinner

Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack Read More »

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

Featured, Malware, Malware & Threats, NSA /

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools 27/10/2023 at 17:47 By Ionut Arghire The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner. The post Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools Read More »

‘YoroTrooper’ Espionage Group Linked to Kazakhstan

APT, Malware & Threats /

‘YoroTrooper’ Espionage Group Linked to Kazakhstan 25/10/2023 at 23:46 By Ionut Arghire Cisco links the espionage-focused ‘YoroTrooper’ threat actor to Kazakhstan. The post ‘YoroTrooper’ Espionage Group Linked to Kazakhstan appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

‘YoroTrooper’ Espionage Group Linked to Kazakhstan Read More »

Apple Ships Major iOS, macOS Security Updates

apple, Endpoint Security, iOS, macOS, Malware & Threats, Mobile & Wireless, Vulnerabilities, WebKit /

Apple Ships Major iOS, macOS Security Updates 25/10/2023 at 23:01 By Ryan Naraine Apple patches dozens of serious security flaws in its macOS and iOS platforms, warning that hackers could launch code execution exploits. The post Apple Ships Major iOS, macOS Security Updates appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Apple Ships Major iOS, macOS Security Updates Read More »

Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day

exploited, Malware & Threats, Roundcube, Russia, Zero-Day /

Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day 25/10/2023 at 19:17 By Ionut Arghire Russian APT Winter Vivern exploits a zero-day in the Roundcube webmail server in attacks targeting European governments. The post Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day Read More »

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected

exploit, iOS, Kaspersky, Malware & Threats, Operation Triangulation /

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected 24/10/2023 at 22:01 By Ionut Arghire Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks. The post Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected Read More »

Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant

Cisco, Malware & Threats, Vulnerabilities, vulnerability, Zero-Day /

Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant 24/10/2023 at 20:02 By Eduard Kovacs The number of Cisco devices hacked via recent zero-days remains high, but the attackers have updated their implant. The post Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant appeared first on

React to this headline:

Loading spinner

Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant Read More »

Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops

Cisco, Featured, Malware & Threats, Vulnerabilities, Zero-Day /

Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops 23/10/2023 at 21:49 By Eduard Kovacs Cisco has found a second zero-day vulnerability that has been exploited in recent attacks as the number of hacked devices has started dropping. The post Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops appeared first

React to this headline:

Loading spinner

Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops Read More »

Authorities Seize Control of RagnarLocker Ransomware Dark Web Site

cybercrime, Europol, Malware & Threats, RagnarLocker, Ransomware /

Authorities Seize Control of RagnarLocker Ransomware Dark Web Site 20/10/2023 at 18:31 By Ionut Arghire The RagnarLocker ransomware group’s dark web leak site has been seized in a coordinated law enforcement operation. The post Authorities Seize Control of RagnarLocker Ransomware Dark Web Site appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Authorities Seize Control of RagnarLocker Ransomware Dark Web Site Read More »

Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000

Cisco, exploited, Malware & Threats, Vulnerabilities /

Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 19/10/2023 at 14:01 By Eduard Kovacs The number of Cisco devices hacked via the CVE-2023-20198 zero-day has reached 40,000, including many in the US. The post Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 Read More »

Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw

China, CVE-2023-38831, cybercrime, Malware & Threats, Nation-State, Russia, Sandworm, Vulnerabilities, WinRAR /

Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw 18/10/2023 at 20:55 By Ryan Naraine Google says it is still catching government-backed groups linked to China and Russia launching WinRAR exploits in targeted attacks. The post Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw Read More »

Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability

Cisco, Featured, Malware & Threats, Zero-Day /

Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability 18/10/2023 at 14:01 By Eduard Kovacs Tens of thousands of Cisco devices have reportedly been hacked via the exploitation of the zero-day vulnerability CVE-2023-20198. The post Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability Read More »

Signal Pours Cold Water on Zero-Day Exploit Rumors

Encryption, Lockdown Mode, Malware & Threats, Privacy, Signal, Vulnerabilities, WhatsApp /

Signal Pours Cold Water on Zero-Day Exploit Rumors 16/10/2023 at 17:47 By Ryan Naraine Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app. The post Signal Pours Cold Water on Zero-Day Exploit Rumors appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Signal Pours Cold Water on Zero-Day Exploit Rumors Read More »

Spyware Caught Masquerading as Israeli Rocket Alert Applications

Hamas, Israel, Malware & Threats, spyware /

Spyware Caught Masquerading as Israeli Rocket Alert Applications 16/10/2023 at 13:32 By Ionut Arghire A threat actor targets Israelis with spyware masquerading as an Android application for receiving rocket alerts. The post Spyware Caught Masquerading as Israeli Rocket Alert Applications appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Spyware Caught Masquerading as Israeli Rocket Alert Applications Read More »

SEC Investigating Progress Software Over MOVEit Hack

Data Breaches, Malware & Threats, MOVEit, Progress Software, Ransomware, SEC, Vulnerabilities, WS_FTP /

SEC Investigating Progress Software Over MOVEit Hack 12/10/2023 at 20:16 By Ionut Arghire Progress Software confirms the SEC has launched its own investigation into costly ransomware zero-days in the MOVEit file transfer software. The post SEC Investigating Progress Software Over MOVEit Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

SEC Investigating Progress Software Over MOVEit Hack Read More »

Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin

backdoor, Malware & Threats, WordPress /

Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin 12/10/2023 at 17:50 By Ionut Arghire A backdoor deployed on a compromised WordPress website poses as a legitimate plugin to hide its presence. The post Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin Read More »

Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business

Application Security, CVE-2023-36563, CVE-2023-41763, CVE-2023-44487, Malware & Threats, Microsoft, Patch Tuesday, Vulnerabilities /

Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business 10/10/2023 at 21:32 By Ryan Naraine Microsoft patches more than 100 vulnerabilities across the Windows ecosystem and warned that three are already being exploited in the wild. The post Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business Read More »

Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop

Adobe, CVE-2023-26370, Incident Response, magento, Malware & Threats, Patch Tuesday, Vulnerabilities /

Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop 10/10/2023 at 20:17 By Ryan Naraine Adobe Commerce customers exposed to code execution, privilege escalation, arbitrary file system read, and security feature bypass attacks. The post Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop Read More »

Scroll to Top