Cybersecurity News
-
Browser Extension to Detect HTML Smuggling Attacks
SmuggleShield, a recently launched browser extension, is gaining attention in the cybersecurity space for its innovative approach to mitigating HTML smuggling attacks. With its stable version (2.0) now available, SmuggleShield…
Read More » -
Researchers Uncover Phishing-As-A-Service Domains Associated With Tycoon 2FA
The Tycoon 2FA platform is a Phishing-as-a-Service (PhaaS) tool that enables cybercriminals to easily launch sophisticated phishing attacks targeting two-factor authentication (2FA). It provides a service that simplifies the process…
Read More » -
iTerm2 Emulator Vulnerability Let Attackers Access Sensitive User Data
A critical vulnerability discovered in the popular macOS terminal emulator iTerm2 has raised concerns among cybersecurity experts and software users. The flaw, which could allow malicious attackers to access sensitive…
Read More » -
Apple Agrees to $95M Settlement Over Siri Privacy Lawsuit
Apple Inc. has agreed to pay $95 million to settle a proposed class-action lawsuit alleging that its Siri voice assistant infringed on users’ privacy by recording private conversations without their…
Read More » -
NTT Docomo Hit by DDoS Attack, Services Disrupted for 11 Hours
NTT Docomo, one of Japan’s leading telecommunications and IT service providers, experienced a massive disruption on January 2, 2025, after a Distributed Denial of Service (DDoS) attack targeted its network…
Read More » -
ASUS Critical Vulnerabilities Let Attackers Execute Arbitrary Commands
72 Hours to Audit-Ready API Security APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation. Join…
Read More » -
New PLAYFULGHOST Malware Hacking Devices To Remotely Capture Audio Recordings
PLAYFULGHOST, a Gh0st RAT variant, leverages distinct traffic patterns and encryption, which spread via phishing emails and SEO poisoning of bundled applications, enabling keylogging, screen capture, and other malicious remote…
Read More » -
PoC Exploit Released For Critical Windows LDAP RCE Vulnerability
The CVE-2024-49112 vulnerability in Windows LDAP allows remote code execution on unpatched Domain Controllers, as a zero-click exploit leverages this by crafting malicious LDAP requests, which, sent without any user…
Read More » -
Windows 11 BitLocker Encryption Bypassed to Extract Full Volume Encryption Keys
A cybersecurity researcher has demonstrated a method to bypass BitLocker encryption on Windows 11 (version 24H2) by extracting full volume encryption keys (FVEK) from memory. Using a custom-built tool named Memory-Dump-UEFI,…
Read More » -
New Stealthy Malware Leveraging SSH Over TOR Attacking Ukrainian Military
Researchers recently discovered a malicious campaign targeting Ukrainian military personnel through fake “Army+” application websites, which host a malicious installer that, upon execution, extracts the legitimate application alongside the Tor…
Read More » -
DrayTek Devices Vulnerability Let Attackers Arbitrary Commands Remotely
The DrayTek Gateway devices, more specifically the Vigor2960 and Vigor300B models, are susceptible to a critical command injection vulnerability. Exploitable via the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint, attackers can inject arbitrary commands into…
Read More » -
TrueNAS CORE Vulnerability Let Attackers Execute Remote Code
Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a critical vulnerability in TrueNAS CORE, a widely-used open-source storage operating system developed by iXsystems. The…
Read More » -
CISA Warns of Palo Alto Networks PAN-OS Vulnerability Exploited in Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a critical vulnerability in Palo Alto Networks PAN-OS. Tracked as CVE-2024-3393, this flaw has been observed in…
Read More » -
US Treasury Department Breach, Hackers Accessed Workstations
The Biden administration confirmed that a Chinese state-sponsored hacking group breached the U.S. Treasury Department, gaining unauthorized access to employee workstations and unclassified documents. This revelation follows a string of…
Read More » -
McDonald’s Delivery App Bug Let Customers Orders For Just $0.01
McDonald’s India (West & South) / Hardcastle Restaurants Pvt. Ltd. operates a custom McDelivery web app for ordering McDonald’s food for delivery, dine-in, and takeout. The app is popular, with…
Read More » -
Brazilian Hacker Arrested Hacking Computers & Selling Data
A Brazilian man, Junior Barros De Oliveira, has been charged with multiple counts of cybercrime and extortion for hacking into the computer systems of a Brazilian subsidiary of a New…
Read More » -
Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks
A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto Networks’ PAN-OS software. This flaw allows unauthenticated attackers to exploit firewalls through specially crafted packets,…
Read More » -
NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern
The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in the cybersecurity community. This notorious Remote Access Trojan (RAT), also known as Bladabindi, has long…
Read More »