Lucene search
+L
ThnMost viewed

20914 matches found

thn
thn
added 2024/01/23 1:30 a.m.90 views

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug in the WebKit browser engine that could be exploited by a...

8.8CVSS9.3AI score0.17823EPSS
Exploits6
thn
thn
added 2024/01/13 10:45 a.m.90 views

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Juniper Networks has released updates to fix a critical remote code execution RCE vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Jun...

9.8CVSS9.1AI score0.17668EPSS
Exploits1
thn
thn
added 2023/11/23 10:47 a.m.90 views

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution RCE functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service DDoS botnet. "The payload targets routers and network video recorder NVR devices with default adm...

8.8CVSS8AI score0.73277EPSS
Exploits1
thn
thn
added 2023/11/15 4:18 a.m.90 views

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 CVSS score: 9.8, the vulnerability impacts instances that have been upgraded to version 10.5 from an older...

9.8CVSS10AI score0.99428EPSS
Exploits5
thn
thn
added 2023/08/30 11:15 a.m.90 views

Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits

Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. The Shadowserver Foundation said that it's "seeing exploitation attempts from multiple IPs for Juniper J-Web...

9.8CVSS8.4AI score0.99999EPSS
Exploits54
thn
thn
added 2023/05/20 6:49 a.m.90 views

Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p aka Clop ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...

7.5CVSS6.8AI score0.7761EPSS
Exploits4
thn
thn
added 2023/05/20 4:15 a.m.90 views

Warning: Samsung Devices Under Attack! New Security Flaw Exposed

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492 CVSS score: 4.4, impacts select Samsung devices running Android versions 11, 12, and 13. The South Korean...

7.8CVSS7.3AI score0.87313EPSS
Exploits23
thn
thn
added 2023/03/22 1:9 p.m.90 views

CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA has released eight Industrial Control Systems ICS advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. This includes 13 security vulnerabilities in Delta Electronics'...

9.8CVSS9AI score0.5005EPSS
Exploits3
thn
thn
added 2023/02/08 3:15 p.m.90 views

Unpatched Security Flaws Disclosed in Multiple Document Management Systems

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System DMS offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convinc...

5.4CVSS0.7AI score0.00582EPSS
Exploits8
thn
thn
added 2023/01/18 5:56 a.m.90 views

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA has published four Industrial Control Systems ICS advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that...

10CVSS1.2AI score0.96275EPSS
Exploits5
thn
thn
added 2022/11/02 11:28 a.m.90 views

Inside Raccoon Stealer V2

Raccoon Stealer is back on the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of the shutdown, a Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware...

0.3AI score
Exploits0
thn
thn
added 2022/10/26 4:24 a.m.90 views

VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform

VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open...

9.1CVSS1.1AI score0.98124EPSS
Exploits7
thn
thn
added 2022/08/31 10:45 a.m.90 views

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website...

1.1AI score
Exploits0
thn
thn
added 2022/06/06 11:58 a.m.90 views

CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices

The U.S. Cybersecurity and Infrastructure Security Agency CISA and Food and Drug Administration FDA have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing NGS software. Three of the flaws are rated 10 out of 10 for severity on the Common...

4.2AI score0.01644EPSS
Exploits0
thn
thn
added 2022/02/14 3:26 a.m.90 views

Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild. Tracked as CVE-2022-24086, the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring...

10CVSS1.8AI score0.99199EPSS
Exploits5
thn
thn
added 2021/09/21 12:27 p.m.90 views

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. The server, which belonged to an unnamed...

9.8CVSS1AI score0.99721EPSS
Exploits25
thn
thn
added 2021/06/11 9:28 a.m.90 views

Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users

Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices. "The impact of these bugs could have allowed an attacker t...

8.8CVSS1.4AI score0.00177EPSS
Exploits6
thn
thn
added 2021/03/15 10:3 a.m.90 views

Rising Demand for DDoS Protection Software Market By 2020-2028

Distributed Denial of Service DDoS attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds ...

0.6AI score
Exploits0
thn
thn
added 2021/03/09 9:58 a.m.90 views

SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers

A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group. In a report published by Secureworks on Monday, the cybersecurity firm attributed the...

9.8CVSS1.1AI score0.9198EPSS
Exploits3
thn
thn
added 2021/02/02 10:28 a.m.90 views

Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State

The Office of the Washington State Auditor SAO on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerabilit...

0.7AI score
Exploits0
thn
thn
added 2020/05/14 10:20 a.m.90 views

Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability CVE-2019-0887 as part of its July 2019 Patch Tuesday...

8.5CVSS8.6AI score0.70966EPSS
Exploits0
thn
thn
added 2019/09/11 6:32 a.m.90 views

Hundreds of BEC Scammers Arrested in Nigeria and U.S. — $3.7 Million Recovered

Breaking News — The Nigerian prince and his allies who might have also asked you over an email for your assistance to help save "the first African astronaut lost in space" have finally been arrested by the FBI. Don't take it too seriously, as there's no Nigerian prince or an astronaut seeking you...

7AI score
Exploits0
thn
thn
added 2019/07/31 10:37 a.m.90 views

DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks

What could be more horrifying than knowing that a hacker can trick the plane's electronic systems into displaying false flight data to the pilot, which could eventually result in loss of control? Of course, the attacker would never wish to be on the same flight, so in this article, we are going t...

1.1AI score
Exploits0
thn
thn
added 2019/06/11 10:21 a.m.90 views

New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions

Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498,...

9.8CVSS0.7AI score0.01995EPSS
Exploits0
thn
thn
added 2019/02/18 12:25 p.m.90 views

Popular Torrent Uploader 'CracksNow' Caught Spreading Ransomware

It's not at all surprising that downloading movies and software from the torrent network could infect your computer with malware, but it's more heartbreaking when a popular, trusted file uploader goes rogue. Popular software cracks/keygens uploader "CracksNow," who had trusted status from many...

6.9AI score
Exploits0
thn
thn
added 2018/12/04 6:52 a.m.90 views

Quora Gets Hacked – 100 Million Users Data Stolen

The World's most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. Quora announced the incident late Monday after its team last Friday...

1.6AI score
Exploits0
thn
thn
added 2018/08/27 7:17 a.m.90 views

Critical Flaw in Fortnite Android App Lets Hackers Install Malware

Security researchers from Google have publicly disclosed an extremely serious security flaw in the first Fortnite installer for Android that could allow other apps installed on the targeted devices to manipulate installation process and load malware, instead of the Fortnite APK. Earlier this mont...

0.2AI score
Exploits0
thn
thn
added 2018/07/11 3:33 p.m.90 views

Facebook Faces £500,000 Fine in U.K. Over Cambridge Analytica Leak

Facebook has been fined £500,000 $664,000 in the U.K. after the country's data protection watchdog concluded that its data-sharing scandal broke the law, making it as the social network's first fine over the Cambridge Analytica scandal. Yes, £500,000—that's the maximum fine allowed by the UK's Da...

0.3AI score
Exploits0
thn
thn
added 2018/06/08 7:56 a.m.90 views

Facebook bug changed 14 million users' default privacy settings to public

Facebook admits as many as 14 millions of its users who thought they're sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug. Facebook said in front of Congress in March over the Cambridge Analytica scandal that "every piece...

6.8AI score
Exploits0
thn
thn
added 2014/06/17 10:49 p.m.90 views

Towelroot : One-Click Android Rooting Tool Released By Geohot

Waiting for the root access for your AT&T or Verizon Android phone? Then there is really a Great News for you! Geohot aka George Hotz - a famed cracker who was responsible for hacking the PlayStation 3 and subsequently being sued by Sony - has built and released a root tool called Towelroot on...

7.2CVSS6.7AI score0.37233EPSS
Exploits15
thn
thn
added 2014/03/24 7:37 p.m.90 views

Microsoft Word Zero-Day Vulnerability is being exploited in the Wild

Microsoft warned about a zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the Google security team. “At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010…” company said. According to Microsoft's...

9.3CVSS9.3AI score0.7746EPSS
Exploits10
thn
thn
added 2025/01/27 2:17 p.m.89 views

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve...

8.5CVSS9.1AI score0.10047EPSS
Exploits2
thn
thn
added 2024/06/28 11:0 a.m.89 views

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security...

7.4AI score
Exploits0
thn
thn
added 2024/04/16 11:14 a.m.89 views

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

The maintainers of the PuTTY Secure Shell SSH and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 ecdsa-sha2-nistp521 private keys. The flaw has been assigned the CVE identifier...

6.1AI score0.05773EPSS
Exploits0
thn
thn
added 2023/10/19 4:2 a.m.89 views

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is CVE-2023-38831 CVSS score: 7.8, which allows attackers to execute arbitrary code wh...

7.8CVSS8AI score0.97798EPSS
Exploits49
thn
thn
added 2023/08/03 2:20 p.m.89 views

Hundreds of Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack

Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to the Shadowserver Foundation. The non-profit said the attacks take advantage of CVE-2023-3519, a critical code injection vulnerability that could lead to unauthenticated...

9.8CVSS9.9AI score0.99445EPSS
Exploits18
thn
thn
added 2023/07/21 9:3 a.m.89 views

DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks

Several distributed denial-of-service DDoS botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems. "Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined...

9.8CVSS10.3AI score0.99284EPSS
Exploits8
thn
thn
added 2023/06/27 2:22 p.m.89 views

New Mockingjay Process Injection Technique Could Let Malware Evade Detection

A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. "The injection is executed without space allocation, setting permissions or even starting a thread," Security Joes researchers...

8.2AI score
Exploits0
thn
thn
added 2023/03/31 9:37 a.m.89 views

3CX Supply Chain Attack — Here's What We Know So Far

Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. The version numbers include 18.12.407 and 18.12.416 for Windows and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS...

7.8CVSS7.3AI score0.04373EPSS
Exploits1
thn
thn
added 2023/03/13 11:47 a.m.89 views

Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware

Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. "The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodes...

1.6AI score
Exploits0
thn
thn
added 2022/12/08 7:59 a.m.89 views

Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers

An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers...

8.8CVSS8.3AI score0.80667EPSS
Exploits0
thn
thn
added 2022/12/08 7:56 a.m.89 views

Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack

An Iranian advanced persistent threat APT actor known as Agrius has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong. The wiper, referred to as Fantasy by ESET, is believed to have been delivered via a supply-chain attack...

0.7AI score
Exploits0
thn
thn
added 2022/08/23 3:3 a.m.89 views

CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2022-0028 CVSS score: 8.6, i...

8.6CVSS1.9AI score0.02126EPSS
Exploits0
thn
thn
added 2021/07/29 8:46 a.m.89 views

New Android Malware Uses VNC to Spy and Steal Passwords from Victims

A previously undocumented Android-based remote access trojan RAT has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. Dubbed "Vultur" due to its use of Virtual Network Computing VNC's...

0.3AI score
Exploits0
thn
thn
added 2021/07/19 6:51 a.m.89 views

Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks. "Microsoft...

9.8CVSS9.1AI score0.45423EPSS
Exploits1
thn
thn
added 2021/06/24 8:0 a.m.89 views

Critical Auth Bypass Bug Affects VMware Carbon Black App Control

VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standar...

9.8CVSS1.1AI score0.10619EPSS
Exploits0
thn
thn
added 2021/05/28 11:24 a.m.89 views

SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor

Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. Some of the entities that were...

6.1CVSS0.2AI score0.07082EPSS
Exploits0
thn
thn
added 2020/12/21 4:57 p.m.89 views

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provide...

10CVSS0.4AI score0.01848EPSS
Exploits0
thn
thn
added 2020/11/05 10:18 a.m.89 views

Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies

Cybersecurity researchers today took the wraps off an on-going cyber fraud operation led by hackers in Gaza, West Bank, and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries over the past 12 months. According to findings published by Check Point Research, the...

10CVSS0.2AI score0.4299EPSS
Exploits5
thn
thn
added 2019/11/06 9:8 a.m.89 views

Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security

Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates withou...

0.6AI score
Exploits0
Total number of security vulnerabilities5000