exploit
-
Exposed Server Leaks TheGentlemen Ransomware Toolkit, Credentials, and Ngrok Tokens
A fully operational TheGentlemen ransomware toolkit has been discovered by researchers on an exposed server, revealing victim credentials, ngrok tokens,…
Read More » -
TA446 Uses DarkSword Exploit Kit to Target iPhone Users
Russia-linked espionage group TA446 has initiated a new phishing campaign using the DarkSword exploit kit to compromise iOS devices, leveraging…
Read More » -
New Homoglyph Tricks Let Cybercriminals Mimic Trusted Domains
New homoglyph attack techniques exploit subtle visual similarities in text to spoof trusted domains, steal credentials, and bypass Unicode handling…
Read More » -
Silver Fox Cyberattack Targets Japanese Businesses with Tax-Themed Phishing Scams
A threat actor known as Silver Fox is targeting Japanese organizations with a new wave of spearphishing attacks timed to…
Read More » -
BIND 9 Security Flaws Allow Attackers to Bypass Security Controls and Crash Servers
The Internet Systems Consortium (ISC) has released critical security advisories addressing three new vulnerabilities in the widely used BIND 9…
Read More » -
New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours
New research highlights how infostealer malware can rapidly convert a single careless click into full credential exposure on dark web…
Read More » -
DarkSword Exploit Chain Leaked Online, Posing Risk to Millions of iPhones
Security experts haveverified that the advanced iOS exploit chain known as DarkSword is now accessible outside of its original threat…
Read More » -
Roundcube Releases Urgent Security Update to Fix Critical Bugs
Roundcube Webmail has issued an urgent security update addressing eight critical vulnerabilities discovered by independent security researchers. This release, version…
Read More » -
Critical QNAP QVR Pro Flaw Could Let Remote Attackers Access Systems
QNAP has released an urgent security advisory regarding a critical vulnerability affecting its QVR Pro application, a widely deployed network…
Read More » -
CISA Warns of Craft CMS Code Injection Flaw Exploited in Active Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Craft CMS to its Known Exploited…
Read More » -
Libyan Refinery Targeted in Prolonged Spy Campaign With AsyncRAT
A targeted cyber espionage campaign against Libyan organizations compromised a Libyan oil refinery, a telecommunications provider, and a state institution…
Read More » -
CISA Issues Warning on Apple Vulnerabilities Exploited Through DarkSword iOS Chain
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding three critical security flaws affecting the Apple…
Read More » -
Safer Sideloading Arrives with Android’s Advanced Flow
Google has announced a new mechanism in Android called Advanced Flow, which enables power users to sideload APKs from unverified…
Read More » -
Oracle Fixes High-Severity RCE Vulnerability Affecting Identity and Web Services Platforms
Oracle recently issued an urgent security alert regarding a critical Remote Code Execution (RCE) flaw that impacts both Oracle Identity…
Read More » -
CISA Warns Cisco Secure Firewall Management Center 0-Day Is Being Exploited in Ransomware Attacks
The Cybersecurity and Infrastructure SecurityAgency (CISA) has issued an urgent warning concerning a critical zero-day vulnerability actively exploited in targeted…
Read More » -
Critical UNISOC T612 Modem Flaw Enables Remote Code Execution via Cellular Calls
A critical flaw has beenidentified in UNISOC modem firmware, enabling attackers to execute arbitrary code remotely via cellular networks. As…
Read More » -
Chrome Security Update Fixes 26 Vulnerabilities Enabling Remote Malicious Code Execution
Google has released a critical security update for its Chrome desktop web browser, addressing 26 distinct vulnerabilities that could enable…
Read More » -
New Critical Jenkins Vulnerabilities Put CI/CD Servers at Risk of RCE Exploits
Jenkins disclosed a critical security advisory addressing multiple vulnerabilities impacting its core automation server and the LoadNinja plugin. These flaws…
Read More »