javascript
-
A Key Weapon in the Ongoing War Between Hackers and Defenders
Obfuscation stands as a powerful weapon for attackers seeking to shield their malicious code from defenders. This technique, which deliberately…
Read More » -
Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how threat actors are leveraging fake…
Read More » -
Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware
In a recent surge of sophisticated cyberattacks, threat actors have been utilizing fake CAPTCHA challenges to trick users into executing…
Read More » -
Hackers Rapidly Adopt ClickFix Technique for Sophisticated Attacks
In recent months, a sophisticated social engineering technique known as ClickFix has gained significant traction among cybercriminals and nation-state-sponsored groups.…
Read More » -
Arbitrary File Upload Vulnerability in WordPress Plugin Let Attackers Hack 30,000 Website
A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm, has intensified its cyber operations through…
Read More » -
Cybercriminals Target IIS Servers to Spread BadIIS Malware
A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services (IIS) servers by threat actors deploying…
Read More » -
1- Click RCE Vulnerability In Voyager PHP Allow Attackers Execute Arbitrary code in Server
A recently disclosed security vulnerability in the Voyager PHP package, a popular tool for managing Laravel applications, has raised significant…
Read More » -
$40,000 Reward for Escalating Limited Path Traversal to RCE
As a dedicated bug bounty hunter with an enviable track record on BugCrowd, Abdullah Nawaf, Full full-time bug Bounty Hunter, thrives…
Read More » -
Apple Announces Information Security Internship For Students
Apple Inc. has officially opened applications for its highly anticipated Information Security Internship, aimed at students eager to dive into…
Read More » -
IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks
A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for…
Read More » -
Chrome Security Update – Patch for Multiple Security Vulnerabilities
Google has released an update for its Chrome web browser, advancing to version 131.0.6778.264/.265 for Windows and Mac, and 131.0.6778.264…
Read More » -
Researchers Uncover Phishing-As-A-Service Domains Associated With Tycoon 2FA
The Tycoon 2FA platform is a Phishing-as-a-Service (PhaaS) tool that enables cybercriminals to easily launch sophisticated phishing attacks targeting two-factor…
Read More » -
New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers
Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack targeting various organizations, unlike typical…
Read More » -
CISA Releases Eight new ICS Advisories to Defend Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued eight detailed advisories on vulnerabilities affecting Industrial Control Systems (ICS). These…
Read More »