Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

21/08/2024 0 Comments 0 tags

Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft’s Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been

New macOS Malware TodoSwift Linked to North Korean Hacking Groups

21/08/2024 0 Comments 0 tags

Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. “This application shares several

Styx Stealer Creator’s OPSEC Fail Leaks Client List and Profit Details

21/08/2024 0 Comments 0 tags

In what’s a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leaked data from their own computer, including details related to

It’s Time To Untangle the SaaS Ball of Yarn

21/08/2024 0 Comments 0 tags

It’s no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely rely on cloud-based and remote applications

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

21/08/2024 0 Comments 0 tags

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as

CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

21/08/2024 0 Comments 0 tags

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster

Czech Mobile Users Targeted in New Banking Credential Theft Scheme

21/08/2024 0 Comments 0 tags

Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an attempt to steal their banking account credentials.

Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys

21/08/2024 0 Comments 0 tags

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

20/08/2024 0 Comments 0 tags

Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

20/08/2024 0 Comments 0 tags

Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used