Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors
The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation
Information Security Magazine
Bitfinex Hacker Jailed for Five Years Over Billion Dollar Crypto Heist
4 months 3 weeks ago
Ilya Lichtenstein hacked into the cryptocurrency exchange in 2016 and stole around 120,000 bitcoins
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products
4 months 3 weeks ago
The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October
Ransomware Groups Use Cloud Services For Data Exfiltration
4 months 3 weeks ago
SentinelOne described some of ransomware groups’ favorite techniques for targeting cloud services
O2’s AI Granny Outsmarts Scam Callers with Knitting Tales
4 months 3 weeks ago
Sitting Ducks DNS Attacks Put Global Domains at Risk
4 months 3 weeks ago
Over 1 million domains are vulnerable to “Sitting Ducks” attack, which exploits DNS misconfigurations
Microsoft Power Pages Misconfiguration Leads to Data Exposure
4 months 3 weeks ago
Misconfigurations in Microsoft Power Pages granting excessive access permissions expose sensitive data, risking PII to unauthorized users
Massive Telecom Hack Exposes US Officials to Chinese Espionage
4 months 3 weeks ago
The FBI and CISA have confirmed that US officials’ private communications have been compromised
API Security in Peril as 83% of Firms Suffer Incidents
4 months 3 weeks ago
Over 80% of UK organizations suffered an API security incident in the past year, with each costing over £400,000
Bank of England U-turns on Vulnerability Disclosure Rules
4 months 3 weeks ago
The UK’s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities
Hive0145 Targets Europe with Advanced Strela Stealer Campaigns
4 months 3 weeks ago
Hive0145 is targeting Spain, Germany, Ukraine with Strela Stealer malware in invoice phishing tactic
AI Threat to Escalate in 2025, Google Cloud Warns
4 months 3 weeks ago
2025 could see our biggest AI fears materialize, according to a Google Cloud forecast report
Lazarus Group Uses Extended Attributes for Code Smuggling in macOS
4 months 3 weeks ago
Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection
Amazon MOVEit Leaker Claims to Be Ethical Hacker
4 months 3 weeks ago
An individual who posted data allegedly stolen via MOVEit from Amazon and other big-name firms claims not to be malicious
Microsoft Fixes Four More Zero-Days in November Patch Tuesday
4 months 3 weeks ago
Microsoft has addressed four zero-day vulnerabilities this month, two of which have been exploited
TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware
4 months 3 weeks ago
The TA455 phishing campaign used fake job offers on LinkedIn to deploy malware
Phishing Tool GoIssue Targets Developers on GitHub
4 months 3 weeks ago
New phishing tool GoIssue targets GitHub, enabling mass phishing, and has been linked to the GitLoker extortion campaign
CISOs Turn to Indemnity Insurance as Breach Pressure Mounts
4 months 3 weeks ago
Panaseer claims 72% of security leaders are taking out personal indemnity insurance as board scrutiny increases
New Citrix Zero-Day Vulnerability Allows Remote Code Execution
4 months 3 weeks ago
watchTowr has found a flaw in Citrix’s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops
North Korea Hackers Leverage Flutter to Deliver macOS Malware
4 months 3 weeks ago
Jamf observed North Korean attackers embedding malware within Flutter applications to target macOS devices, potentially to test a new way of weaponizing malware
Checked
5 hours 51 minutes ago