Zeljka Zorz
“Pool Party” process injection techniques evade EDRs
SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool …
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)
The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code …
Short-term AWS access tokens allow attackers to linger for a longer while
Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them …
Researchers automated jailbreaking of LLMs with other LLMs
AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an …
Microsoft will offer extended security updates for Windows 10
Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be …
Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more!
OffSec (previously Offensive Security) has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux …
Critical Zyxel NAS vulnerabilities patched, update quickly!
Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by …
Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)
With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against …
CISA urges water facilities to secure their Unitronics PLCs
News that Iran-affiliated attackers have taken over a programmable logic controller (PLC) at a water system facility in Pennsylvania has been followed by a public alert urging …
PoCs for critical Arcserve UDP vulnerabilities released
Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been …
Okta breach: Hackers stole info on ALL customer support users
The scope of the recent breach of the Okta customer support system is much wider than initially established, the company has admitted on Tuesday: the attackers downloaded a …
Critical ownCloud flaw under attack (CVE-2023-49103)
Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in …
Featured news
Resources
Don't miss
- What it really takes to build a resilient cyber program
- How cybercriminals exploit psychological triggers in social engineering attacks
- Key tips to stay safe from deepfake and AI threats
- UK retailers under cyber attack: Co-op member data compromised
- How CISOs can talk cybersecurity so it makes sense to executives