Security researchers have disclosed critical vulnerabilities in Citrix Virtual Apps and Desktops that could allow remote code execution (RCE) attacks. Proof-of-concept (PoC) exploitation attempts have already been observed in the
Uncategorized
CrowdStrike Spends to Boost Identity Threat Detection
Adaptive Shield is the third security posture management provider the company has acquired in the last 14 months as identity-based attacks continue to rise.
PAN-OS Access Management RCE Vulnerability, 11k+ Interface IPs Exposed
Palo Alto Networks has issued a critical security advisory regarding a potential remote code execution (RCE) vulnerability affecting the PAN-OS management interface of their next-generation firewalls. The advisory, released on
MOVEit 0-day Breach – Millions of Employee Data Stolen from 25 Major Organizations
A critical vulnerability in the widely used MOVEit file transfer software has led to one of the most extensive corporate data leaks in recent history, affecting millions of employees across
6 Effective Steps to Accelerate Cybersecurity Incident Response
Modern security tools continue to evolve, improving their ability to protect organizations from cyber threats. Despite these advances, bad actors still occasionally find ways to infiltrate networks and endpoints. Therefore,
Microsoft Bookings Flaw Let Hackers Create Impersonate User Acccounts
A critical security flaw in Microsoft Bookings has been uncovered. This flaw, inherent in the default configuration of Microsoft Bookings, potentially allows attackers to create unauthorized Entra (formerly Azure AD)
Hackers Exploiting Veeam RCE Flaw to Deploy New Frag Ransomware
Threat actors are actively exploiting a critical vulnerability in Veeam Backup & Replication software to deploy a new ransomware strain called “Frag.” The vulnerability, tracked as CVE-2024-40711, allows unauthenticated remote
Hackers Attacking macOS Users with New Multi-Stage Malware
North Korean threat actors, likely associated with BlueNoroff, have launched multi-stage malware attacks targeting cryptocurrency businesses, expanding their toolkit to include RustDoor/ThiefBucket and RustBucket campaigns. Hidden Risk, a DPRK-linked threat
Beware of Fake Copyright Claims that Deliver Rhadamanthys Stealer Malware
Cybercriminals have launched a large-scale phishing attack using a new variant of Rhadamanthys Stealer, dubbed CopyRh(ight)adamantys, which targets individuals and organizations worldwide, falsely accusing them of copyright infringement. Attackers impersonate
North Korean Hackers Abuse Cloud-Based Services to Deploy Malware
ESET’s recent report details the activities of various advanced persistent threat (APT) groups from April to September 2024, highlighting key trends and developments observed during this period, including the use
