Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as “intricate” and a combination of two bugs in versions PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 of the software….

MITRE Hacked – Attackers Compromised R&D Networks Using Ivanti Zero-days

The MITRE Corporation, a non-profit organization that runs federally funded research and development centers, has disclosed that a sophisticated cyber attack recently compromised one of its internal research and development networks. MITRE detected the attack on one of its internal R&D networks and took immediate action to contain the incident. The attack was believed to…

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a leading firewall solution, Xiid Corporation reminds organizations that Xiid SealedTunnel customers remain secure. This latest vulnerability, currently unpatched and rated 10/10 on the CVSS (Common Vulnerability Scoring System), highlights the limitations of traditional security approaches. Xiid SealedTunnel, the world’s first and…

GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

Threat actors are now taking advantage of GitHub’s search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that’s designed to download next-stage payloads from a remote URL, Checkmarx said in…

Fortinet Vulnerability Exploited To Deploy RMM Tools And PowerShell Backdoors

Threat actors have been discovered exploiting a Fortinet FortiClient EMS vulnerability to install unauthorized RMM tools and PowerShell backdoors on the targeted systems. The vulnerability exploited by the threat actors was CVE-2023-48788. Moreover, an external inbound network connection was found to connect with the FCMdaemon process, followed by downloading and executing RMM tools or PowerShell-based backdoors….

Google Sues Two Chinese Developers Over Crypto Investment App Scams

A recent lawsuit was filed by Google against two app developers, Yunfeng Sun (also known as Alphonse Sun) and Hongnam Cheung (also known as Zhang Hongnim and Stanford Fischer), for their alleged involvement in an international online investment fraud scheme. As a consequence of the Defendants’ breach, Google has incurred economic losses exceeding $75,000. These losses stem…

New Cyber Attack Targeting Hospital IT Helpdesks with Voice Calls

Hospitals across the nation are on high alert as sophisticated cybercriminals use advanced social engineering tactics to target IT help desks. The Health Sector Cybersecurity Coordination Center (HC3) has issued a Sector Alert detailing the latest threat to the healthcare industry. The HC3’s latest report reveals a concerning trend of threat actors using social engineering to gain unauthorized access…
