3711 matches found
CVE-2024-22253
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-05 19:26:24+00:00 | seen | https://t.me/ctinow/200608 |
| 2024-03-05 19:26:31+00:00 | seen | https://t.me/ctinow/200614 |
| 2024-03-06 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1240 |
| 2024-03-06 09:22:51+00:00 | seen | ... |
libindx.moray.gov.uk Cross Site Scripting vulnerability OBB-3864817
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users
A California federal judge has ordered spyware maker NSO Group to hand over the code for Pegasus and other spyware products that were used to spy on WhatsApp users. Meta-owned WhatsApp has been fighting NSO in court since 2019, after Pegasus was allegedly used against 1,400 WhatsApp users over th...
The UK’s GPS Tagging of Migrants Has Been Ruled Illegal
The UK’s privacy regulator says the government did not take into account the intrusiveness of ankle tags that continuously monitor a person’s location...
How the “Frontier” Became the Slogan of Uncontrolled AI
Artificial intelligence (AI) has been billed as the next frontier of humanity: the newly available expanse whose exploration will drive the next era of growth, wealth, and human flourishing. It's a scary metaphor. Throughout American history, the drive for expansion and the very concept of terrain u...
A Cyber Insurance Backstop
In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The malware ultimately infected more than 40,000 of...
oce.oregon.gov Cross Site Scripting vulnerability OBB-3860762
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
LockBit Ransomware Gang Returns, Taunts FBI and Vows Data Leaks
By Waqas. LockBit ransomware gang relaunches operation after law enforcement hacked its servers, threatening to target government entities more now. This is a post from HackRead.com.
CVE-2024-26598
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-23 16:32:11+00:00 | seen | https://t.me/ctinow/191887 |
| 2024-02-23 16:41:53+00:00 | seen | https://t.me/ctinow/191911 |
| 2024-02-24 12:46:21+00:00 | seen | https://t.me/ctinow/192565 |
| 2025-08-14 10:00:00+00:00 | seen | ... |
New Leak Shows Business Side of China’s APT Menace
A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...
A first analysis of the i-Soon data leak
Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the information on purpose. The vendor, i-Soon (aka Anxun), is...
planning.sopa.nsw.gov.au Cross Site Scripting vulnerability OBB-3855087
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
U.S. State Government Network Breached via Former Employee's Account
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee. "This allowed the threat actor to successfully authenticate to an internal...
CVE-2024-23674
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from...
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization
Actions to take today to mitigate malicious cyber activity: 1. Continuously remove and disable accounts and groups from the enterprise that are no longer needed, especially privileged accounts. 2. Enable and enforce multifactor authentication with strong passwords. 3. Store credentials in a secur...
CISA and MS-ISAC Release Advisory on Compromised Account Used to Access State Government Organization
Today, CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization, to provide network defenders with the tactics, techniques, and procedure...
CVE-2024-23674
The CVE concerns the Online-Ausweis-Funktion eID scheme in the German National Identity Card (through 2024-02-15). A malevolent actor can perform authentication bypass via spoofing, enabling a network-based MITM to impersonate a victim for government, medical, and financial access and to extract ...
CVE-2024-24697
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-14 01:21:43+00:00 | seen | https://t.me/ctinow/184350 |
| 2024-02-15 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1230 |
| 2024-03-04 09:11:53+00:00 | seen | https://t.me/ctinow/199098 |
| ... | | |
CVE-2024-24691
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-14 01:21:40+00:00 | seen | https://t.me/ctinow/184347 |
| 2024-02-14 17:16:50+00:00 | seen | https://t.me/ctinow/184832 |
| 2024-02-15 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1230 |
| 2024-03-06 07:07:24+00:00 | seen | ... |
Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices
Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023. The backdoor, codenamed RustDoor by Bitdefender, has been found to impersonate an update for Microsoft Visual Studio and target both Intel and Arm architectures. The exact...