GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

06/09/2024 0 Comments 0 tags

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

06/09/2024 0 Comments 0 tags

A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

06/09/2024 0 Comments 0 tags

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. “If a country is unhappy with an internet service,

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

06/09/2024 0 Comments 0 tags

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

05/09/2024 0 Comments 0 tags

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

05/09/2024 0 Comments 0 tags

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. “Sighting

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown

05/09/2024 0 Comments 0 tags

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

05/09/2024 0 Comments 0 tags

It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

05/09/2024 0 Comments 0 tags

Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

05/09/2024 0 Comments 0 tags

The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in