
164 matches found

Cisco
added 2024/06/04 9:0 p.m. · 8 views

Cisco Webex Meetings Meeting Information and Metadata Issue June 2024

In early May 2024, Cisco identified bugs in Cisco Webex Meetings that we now believe were leveraged in targeted security research activity allowing unauthorized access to meeting information and metadata in Cisco Webex deployments for certain customers. These bugs have been addressed and a fix ha...

7.1 AI score
Exploits: 0 · References: 1
NVD
added 2024/04/05 9:15 a.m. · 10 views

CVE-2024-21848

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel...

3.1 CVSS · 3.7 AI score · 0.00311 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/04/05 8:13 a.m. · 10 views

CVE-2024-21848 Users maintain access to active call after being removed from a channel

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel...

3.1 CVSS · 3.7 AI score · 0.00311 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/03/18 12:0 a.m. · 2 views

PT-2024-22277 · Fitnesse · Fitnesse

Name of the Vulnerable Software and Affected Versions: FitNesse all releases Description: The issue allows a remote authenticated attacker to execute arbitrary OS commands. Note that this behavior is claimed by a contributor to be a product specification rather than a vulnerability, and this is...

9.8 CVSS · 7.4 AI score · 0.00992 EPSS
Exploits: 0 · References: 9
Wired Threat Level
added 2024/03/09 2:0 p.m. · 14 views

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data...

7.3 AI score
Exploits: 0
Wallarm Lab
added 2023/12/27 12:18 p.m. · 38 views

How to Build a Cybersecurity Culture in Your Company

Decoding the Essential Components of Cyber Safeguard Culture In today's era, marked by copious dependencies on digital technologies, strengthening defenses against digital security vulnerabilities has become more than just a choice, it's a critical necessity. Establishing a culture of cyber...

7.5 AI score
Exploits: 0
Malwarebytes
added 2023/12/12 10:9 p.m. · 14 views

How to choose a free vulnerability scanner: Insights from an industry veteran

The cybersecurity market is awash with expensive, high-end solutions for detecting vulnerabilities in third-party applications. However, for smaller security teams, free vulnerability scanners offer a practical alternative. But of course, free doesn’t always mean better—it’s crucial to thoroughly...

7.5 AI score
Exploits: 0
The Hacker News
added 2023/12/12 2:52 p.m. · 66 views

Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

The Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy...

9.8 CVSS · 9.4 AI score · 0.97798 EPSS
Exploits: 67
Positive Technologies
added 2023/11/07 12:0 a.m. · 4 views

PT-2025-13360 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the dmaengine tegra component. The problem occurs when terminating an ongoing transfer, which can lead to...

8.2 CVSS · 7.6 AI score · 0.16773 EPSS
Exploits: 5 · References: 380
OSV
added 2023/10/31 12:36 p.m. · 10 views

MAL-2023-8412 Malicious code in shithandlers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c769d824071682d21cd70c7c8f9bba7131817158c02e931df79e6936a241a06a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1
Malwarebytes
added 2023/10/25 6:27 a.m. · 15 views

Announcing NEW Malwarebytes Identity Theft Protection

We’ve always been committed to keeping you safe and secure online. But these days, cybersecurity isn’t just about defending you from malware; it’s about protecting your—and your family’s—entire digital identity. We know that people are worried. In fact, in our latest report, titled “Everyone’s...

7 AI score
Exploits: 0
Trend Micro Simply Security
added 2023/10/12 12:0 a.m. · 21 views

DarkGate Opens Organizations for Attack via Skype, Teams

We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment...

7.1 AI score
Exploits: 0
Schneier on Security
added 2023/09/15 7:12 p.m. · 15 views

LLM Summary of My Book Beyond Fear

Claude (Anthropic's LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier's book Beyond Fear. I'm particularly interested in a taxonomy of his ethical arguments--please expand on that. Then lay out the most salient criticisms of the book. Claude's reply: Here's a brief...

7 AI score
Exploits: 0
Code423n4
added 2023/08/10 12:0 a.m. · 9 views

setFullWeightDuration() can be called while a member election is ongoing

Lines of code Vulnerability details Bug Description In SecurityCouncilMemberElectionGovernorCountingUpgradeable, fullWeightDuration which is the duration where a user's votes has weight 1 can be set using setFullWeightDuration: SecurityCouncilMemberElectionGovernorCountingUpgradeable.solL77-L84...

6.7 AI score
Exploits: 0
The Hacker News
added 2023/08/02 3:41 a.m. · 74 views

Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint...

6.8 AI score · 0.99999 EPSS
Exploits: 14
hivepro
added 2023/07/17 6:57 a.m. · 8 views

TA445 Targeting Government and Military Sectors in Ukraine and Poland

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary TA455 conducts ongoing campaigns targeting government entities, military organizations, and civilians in Ukraine and Poland to steal information and establish remote access, using multi-stage infection...

6.7 AI score
Exploits: 0
VulnCheck KEV
added 2023/06/29 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2023-3460

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild...

9.8 CVSS · 7.6 AI score · 0.69596 EPSS
Exploits: 12 · References: 1
The Hacker News
added 2023/06/27 2:10 p.m. · 36 views

New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain

Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems. "The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources...

7 AI score
Exploits: 0
Trend Micro Simply Security
added 2023/06/16 12:0 a.m. · 12 views

Insight on Vulnerabilities in MOVEit Transfer

Ongoing developments on this topic will be added to this thread. We invite you to bookmark this page and check back...

7 AI score
Exploits: 0
Schneier on Security
added 2023/06/09 11:12 a.m. · 31 views

Operation Triangulation: Zero-Click iPhone Malware

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to th...

7.3 AI score
Exploits: 0