Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed
A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. “RedGolf is a particularly prolific Chinese state-sponsored threat actor group
A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running
A new “comprehensive toolset” called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. “The spread
Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. “Multi-cloud by design,” and its companion the supercloud, is an
3CX said it’s working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that’s using digitally
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google’s Threat Analysis Group (TAG) has revealed. The
The emergence of smart mobility services and applications has led to a sharp increase in the use of APIs in the automotive industry. However, this increased reliance on APIs has
Malware analysis is an essential part of security researcher’s work. But working with malicious samples can be dangerous — it requires specialized tools to record their activity, and a secure
An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously