web
-
Meteobridge web interface Vulnerability Let Attackers Inject Commands Remotely
ONEKEY Research Lab has uncovered a severe command injection vulnerability in the MeteoBridge firmware, a compact device designed to connect…
Read More » -
Severe vBulletin Flaw Allows Remote Code Execution by Attackers
A newly discovered vulnerability in vBulletin, one of the world’s most popular commercial forum platforms, has highlighted the dangers of…
Read More » -
Hackers Expose 184 Million User Passwords via Open Directory
A major cybersecurity incident has come to light after researcher Jeremiah Fowler discovered a publicly accessible database containing 184,162,718 unique…
Read More » -
Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as an “uncensored” and “private” alternative…
Read More » -
Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application for managing crypto assets via…
Read More » -
Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000
A threat actor known as #LongNight has reportedly put up for sale remote code execution (RCE) access to Burger King…
Read More » -
Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication
Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network security and SD-WAN orchestration platform used…
Read More » -
Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security
A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript to deliver a Chinese adult-content…
Read More » -
New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads
A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through a highly sophisticated phishing-based attack. Cybersecurity…
Read More » -
Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack
A serious security flaw affecting the Eventin plugin, a popular event management solution for WordPress, was recently discovered by Denver…
Read More » -
Ivanti Released Security Updates to fix the Multiple RCE Vulnerabilities
Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across several products, including Endpoint Manager Mobile…
Read More » -
Hackers Exploit Host Header Injection to Breach Web Applications
Cybersecurity researchers have reported a significant rise in web breaches triggered by a lesser-known technique: Host Header Injection. This sophisticated…
Read More » -
IBM Cognos Analytics Security Vulnerability Allowed Unauthorized File Uploads
IBM has issued a security bulletin addressing two newly discovered, high-severity vulnerabilities in its Cognos Analytics platform. These flaws, tracked…
Read More » -
Claude AI Abused in Influence-as-a-Service Operations and Campaigns
Claude AI, developed by Anthropic, has been exploited by malicious actors in a range of adversarial operations, most notably a…
Read More » -
Threat Actors Attacking U.S. citizens Via social engineering Attack
As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S. citizens, according to a detailed…
Read More » -
Threat Actors Target Critical National Infrastructure with New Malware and Tools
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term cyber intrusion targeting critical national…
Read More » -
Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories
Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads and a Linux…
Read More » -
RansomHub Ransomware Deploys Malware to Breach Corporate Networks
The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging SocGholish malware, also known as FakeUpdates,…
Read More »