Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor

Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets...

staging.cese.nsw.gov.au Cross Site Scripting vulnerability OBB-3448072

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

forecast.waves.nsw.gov.au Cross Site Scripting vulnerability OBB-3448076

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

US dangles $10 million reward for information about Cl0p ransomware gang

The US Department of States national security rewards program, Rewards for Justice RFJ, is offering a reward of up to $10 million for information linking the Cl0p ransomware gang, or any other malicious cyber actors targeting US critical infrastructure, to a foreign government. Advisory from...

Cybercriminals Exploit Old Telerik Bug for Data Theft

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT actors and financially motivated cybercriminals were observed exploiting old Telerik vulnerabilities in an attack targeting a US government agency. To receive real-time threat advisories, please foll...

forecast.waves.nsw.gov.au Cross Site Scripting vulnerability OBB-3435622

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Unveiling Cadet Blizzard APT’s Wiper Attacks Targeting Ukraine

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Cadet Blizzard, a Russian GRU-sponsored threat group, conducted major cyber operations using WhisperGate, a customized wiper malware, to demonstrate their destructive capabilities through targeted attack...

What You Need To Know About MOVEit

The MOVEit Vulnerabilities and Latest Exploits. Impact On Governmental Agencies And Large Organizations Governmental agencies and large organizations around the world are being hit by ransomware attacks exploiting several vulnerabilities in MOVEit, a widely used file transfer solution. The...

CVE-2023-34453

creationtimestamp| type| source ---|---|--- 2023-06-15 20:21:42+00:00| seen| https://t.me/cibsecurity/65273 2026-04-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1833...

CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities

Today, CISA, the Federal Bureau of Investigation FBI, and Multi-State Information Sharing and Analysis Center MS-ISAC released an update for joint Cybersecurity Advisory CSA Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server. This iteration of the CSA—now renamed...

Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers

SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency CISA and authoring organizations identified the presence of indicators of compromise IOCs at a federal civilian executive branch FCEB agency. Analysts determined that multiple cyber threat...

New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organizations

The Russian threat actor known as Shuckworm has continued its cyber assault spree against Ukrainian entities in a bid to steal sensitive information from compromised environments. Targets of the recent intrusions, which began in February/March 2023, include security services, military, and...

CVSSv4 Public Preview Announcement

On June 8, 2023, at the 35th Annual FIRST Conference in Montreal, the public preview of CVSSv4 was announced. The Common Vulnerability Scoring System CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities. Since its initial release in 2004, CVSS h...

CVE-2023-32015

creationtimestamp| type| source ---|---|--- 2023-06-14 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1041 2023-06-14 07:30:50+00:00| seen| https://t.me/cibsecurity/65195...

nwtt.waves.nsw.gov.au Cross Site Scripting vulnerability OBB-3424444

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

forecast.waves.nsw.gov.au Cross Site Scripting vulnerability OBB-3424432

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

The US Is Openly Stockpiling Dirt on All Its Citizens

A newly declassified report from the Office of the Director of National Intelligence reveals that the federal government is buying troves of data about Americans...

PT-2023-3075

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions prior to 7.2.5 Fortinet FortiOS versions prior to 7.0.12 Fortinet FortiOS versions prior to 6.4.13 Fortinet FortiOS versions prior to 6.0.16 Fortinet FortiProxy versions prior to 7.2.3 Fortinet FortiProxy versions pri...

Former TikTok exec: Chinese Communist Party had "God mode" entry to US data

A former executive at TikToks parent company ByteDance has claimed in court documents that the Chinese Communist Party CCP had access to TikTok data, despite the data being stored in the US. The allegations were made in a wrongful dismissal lawsuit which was filed in May in the San Francisco...

nwtt.waves.nsw.gov.au Cross Site Scripting vulnerability OBB-3405768

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...