Please turn on your JavaScript for this page to function normally.
USB
Threat actor used Vimeo, Ars Technica to serve second-stage malware

A financially motivated threat actor tracked as UNC4990 is using booby-trapped USB storage devices and malicious payloads hosted on popular websites such as Ars Technica, …

Windows
A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs

A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for …

GitLab
Self-managed GitLab installations should be patched again (CVE-2024-0402)

Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability …

ransomware
What makes ransomware victims less likely to pay up?

There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more. University of Twente …

Fortra GoAnywhere
PoC for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers …

Stolen Device Protection for iPhone
Apple debuts new feature to frustrate iPhone thieves

Besides fixing an actively exploited zero-day vulnerability, the latest update for the iOS 17 branch offers a new feature to help you protect your accounts and sensitive …

Trello
Data of 15 million Trello users scraped and offered for sale

Someone is selling scraped data of millions of users of Trello, a popular a web-based list-making application and project management platform, on a dark web hacker forum. The …

Microsoft Outlook
Attackers can steal NTLM password hashes via calendar invites

A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two …

Ivanti
Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity …

PostgreSQL
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot

Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. The …

vmware
VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)

A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and …

Google Chrome
Google fixes actively exploited Chrome zero-day (CVE-2024-0519)

In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day (CVE-2024-0519) with an …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released whent there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools