Microsoft found a new bug that allows bypassing SIP root restrictions in macOS
Apple fixed a vulnerability discovered by Microsoft researchers that lets attackers with root privileges bypass System Integrity Protection (SIP).
Researchers from Microsoft discovered a vulnerability, tracked as CVE-2023-32369 and dubbed Migraine, that can allow attackers with root privileges to bypass System...
PyPI enforces 2FA authentication to prevent maintainers’ account takeover
PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns.
Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by...
A database containing 478,000 RaidForums members leaked online
The database of the popular RaidForums hacking forum has been leaked on a new hacking forum, 478,000 members exposed.
A database belonging to the now-defunct RaidForums cybercrime platform has been leaked on a new hacking forum called Exposed. The...
CISA adds recently patched Barracuda zero-day to its Known Exploited Vulnerabilities catalog
US CISA added recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities catalog.
US Cybersecurity and Infrastructure Security Agency (CISA) added a recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities Catalog.
This week, the network security solutions provider Barracuda...
New CosmicEnergy ICS malware threatens energy grid assets
Experts detailed a new piece of malware, named CosmicEnergy, that is linked to Russia and targets industrial control systems (ICS).
Researchers from Mandiant discovered a new malware, named CosmicEnergy, designed to target operational technology (OT) / industrial control system (ICS) systems. The...
D-Link fixes two critical flaws in D-View 8 network management suite
D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution.
D-Link has addressed two critical vulnerabilities (CVSS score: 9.8) in its D-View 8 network management suite that could...
Zyxel firewall and VPN devices affected by critical flaws
Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition.
Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, that affect several of its firewall and VPN...
North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware
North Korea-linked APT group Lazarus actor has been targeting vulnerable Microsoft IIS servers to deploy malware.
AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave...
Barracuda Email Security Gateway (ESG) hacked via zero-day bug
Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were breached exploiting a zero-day vulnerability.
Network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors...
The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea
The US Department of the Treasury sanctioned four entities and one individual for their role in cyber operations conducted by North Korea.
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and...
Google announced its Mobile VRP (vulnerability rewards program)
Google introduced Mobile VRP (vulnerability rewards program), a new bug bounty program for reporting vulnerabilities in its mobile applications.
Google announced a new bug bounty program, named Mobile VRP (vulnerability rewards program), that covers its mobile applications.
Google’s Mobile...
CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog
US CISA added three zero-day vulnerabilities affecting iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog.
US Cybersecurity and Infrastructure Security Agency (CISA) added three zero-day vulnerabilities affecting iPhones, Macs, and iPads to its Known Exploited Vulnerabilities Catalog.
The three issues reside...
China bans chip maker Micron from its key information infrastructure
The Chinese government announced the ban on the products made by the US memory chip giant Micron Technology over national security concerns.
The Cyberspace Administration of China announced the ban on products made by US memory chip giant Micron Technology...
US CISA warns of a Samsung vulnerability under active exploitation
US CISA added the vulnerability CVE-2023-21492 flaw affecting Samsung devices to its Known Exploited Vulnerabilities Catalog.
US CISA added the vulnerability CVE-2023-21492 vulnerability (CVSS score: 4.4) affecting Samsung devices to its Known Exploited Vulnerabilities Catalog.
The issue affects Samsung mobile devices...
February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million
Vesuvius, a leader in molten metal flow engineering and technology, revealed that the February cyber incident will cost it £3.5 million
Vesuvius is a global leader in molten metal flow engineering and technology, it employs more than 10,000 people and...
We need to refine and secure AI, not turn our backs on the technology
While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
Feds, you’ll need a warrant for that cellphone border search
Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
