Please turn on your JavaScript for this page to function normally.
encryption
8 US telcos compromised, FBI advises Americans to use encrypted communications

FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials have advised Americans to use encrypted call and messaging apps to protect their communications from …

package
Solana’s popular web3.js library backdoored in supply chain compromise

A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player …

eyes
How widespread is mercenary spyware? More than you think

A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results …

Progress
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)

Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular …

Veeam
Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)

Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC …

Matrix encrypted chat service
Police takes down Matrix encrypted chat service used by criminals

A joint investigation team involving French and Dutch authorities has taken down Matrix, yet another end-to-end encrypted chat service created for criminals. Matrix (Source: …

phishing
Phishers send corrupted documents to bypass email security

Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last …

ENG
US government, energy sector contractor hit by ransomware

ENGlobal, a Texas-based engineering and automation contractor for companies in the energy sector, has had its data encrypted by attackers. “On November 25, 2024, …

AWS keys
The shocking speed of AWS key exploitation

It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before …

AWS
AWS offers incident response service

Amazon Web Services (AWS) has launched a new service to help organizations prepare for and recover from ransomware attacks, account takeovers, data breaches, and other …

Godot game engine
Cybercriminals used a gaming engine to create undetectable malware loader

Threat actors are using an ingenious new way for covertly delivering malware to a wide variety of operating systems and platforms: they have created a malware loader that uses …

VPN
Researchers reveal exploitable flaws in corporate VPN clients

Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be …

Don't miss

Cybersecurity news