Cybersecurity News
-
$40,000 Reward for Escalating Limited Path Traversal to RCE
As a dedicated bug bounty hunter with an enviable track record on BugCrowd, Abdullah Nawaf, Full full-time bug Bounty Hunter, thrives on the thrill of discovery and the challenge of finding…
Read More » -
Let’s Encrypt Unveils Six-Day Certificate and IP Address Options for 2025
Let’s Encrypt has announced plans to introduce six-day certificate options and support for IP address certificates in 2025. This initiative is part of the organization’s ongoing commitment to fortify the…
Read More » -
PoC Exploit Released for Ivanti Connect Secure RCE Vulnerability
A serious security flaw has been identified in Ivanti Connect Secure, designated as CVE-2025-0282, which enables remote unauthenticated attackers to execute arbitrary code. As of January 8, 2025, Ivanti has acknowledged…
Read More » -
New Tool Unveiled to Scan Hacking Content on Telegram
A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking AI module designed to monitor and analyze content on Telegram. Known as the Apparatus Sapiens AI…
Read More » -
Hackers Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol
Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured on-premises applications can bypass Group Policy settings intended to disable NTLMv1. This vulnerability enables attackers to…
Read More » -
FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages
Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms. Phishing campaigns are delivered via Telegram and use unique URLs to route users to credential-capturing counterfeit…
Read More » -
AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV
Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific versions of its native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon NICE DCV. Identified…
Read More » -
BitMEX Fined $100 Million for Violating Bank Secrecy Act
In a significant legal development, HDR Global Trading Ltd., operating under the name BitMEX, has been fined $100 million for violating the Bank Secrecy Act. Attorney for the United States,…
Read More » -
AIRASHI Botnet Exploiting 0DAY Vulnerabilities In Large Scale DDoS Attacks
AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024 that leveraged a 0DAY vulnerability on cnPilot routers and used RC4 encryption for sample strings. …
Read More » -
Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks
As California grapples with devastating wildfires, communities are rallying to protect lives and property. Unfortunately, these disasters have also created an opportunity for cybercriminals to exploit the chaos and uncertainty.…
Read More » -
Apple Announces Information Security Internship For Students
Apple Inc. has officially opened applications for its highly anticipated Information Security Internship, aimed at students eager to dive into the dynamic world of cybersecurity. This opportunity is ideal for…
Read More » -
Aembit Announces Speaker Lineup for the Inaugural NHIcon
Aembit, the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. 28…
Read More » -
Hackers Exploiting Fortinet Zero-day Vulnerability In Wild To Gain Super-Admin Privileges
A critical zero-day vulnerability in Fortinet’s FortiOS and FortiProxy products is being actively exploited by hackers to gain super-admin privileges on affected devices. The authentication bypass flaw, tracked as CVE-2024-55591,…
Read More » -
RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation
Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers used scheduled tasks to execute pcalua.exe to run malicious binaries and Python scripts, including the RPivot…
Read More » -
Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability
A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the public internet. The attacks, observed by Arctic Wolf between November and December 2024, exploit what is…
Read More » -
Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details
A critical flaw in Google’s “Sign in with Google” authentication system has left millions of Americans vulnerable to potential data theft. This vulnerability mainly affects former employees of startups, especially…
Read More » -
CISA Launched A Free Guide to Enhance OT Products Security
To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new step-by-step guide designed to help organizations select and deploy secure…
Read More » -
Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection
Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass Apple’s System Integrity Protection (SIP). Known as CVE-2024-44243, this vulnerability could be exploited to load third-party…
Read More » -
Microsoft Warns of MFA Issue Affecting Microsoft 365 users
Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that is impacting some Microsoft 365 (M365) users. The problem, which surfaced earlier today, is preventing affected…
Read More » -
IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks
A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data. This vulnerability exposes users to cross-site scripting (XSS) attacks, potentially compromising…
Read More »