Please turn on your JavaScript for this page to function normally.
attacks
Exploited: Cisco, SharePoint, Chrome vulnerabilities

Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s …

Ivanti
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and …

SonicWall
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting …

Russian flag
Exposed: Russian military Unit 29155 does digital sabotage, espionage

The US Department of Justice has named five Russian computer hackers as members of Unit 29155 – i.e., the 161st Specialist Training Center of the Russian General Staff …

ransomware
How RansomHub went from zero to 210 victims in six months

RansomHub, a ransomware-as-a-service (RaaS) outfit that “popped up” earlier this year, has already amassed at least 210 victims (that we know of). Its affiliates …

cyber threat
Pioneer Kitten: Iranian hackers partnering with ransomware affiliates

A group of Iranian hackers – dubbed Pioneer Kitten by cybersecurity researchers – is straddling the line between state-contracted cyber espionage group and initial …

China
Chinese APT40 group swifly leverages public PoC exploits

Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory …

AI
Unpacking CISA’s AI guidelines

CISA’s late April AI and infrastructure guidelines address 16 sectors along with their cybersecurity needs and operations concerning the growth of AI as a tool to build both …

Check Point
Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which …

healthcare
HHS pledges $50M for autonomous vulnerability management solution for hospitals

As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific …

social engineering
Black Basta target orgs with new social engineering campaign

Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access …

vulnerability
Critical vulnerabilities take 4.5 months on average to remediate

Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed …

Don't miss

Cybersecurity news