Urgent PHP Fix for Windows Users

Details have emerged about a major new security vulnerability in PHP that could be exploited to achieve remote code execution under certain conditions. The vulnerability, identified as CVE-2024-4577, is described as a CGI argument injection flaw affecting all PHP versions installed on the Windows…


0 Comments3 Minutes

TikTok Stars Fall Victim to Zero-Click DM Hacking

TikTok, a popular video-sharing website, has disclosed a security flaw that threat actors used to gain control of high-profile accounts on the platform. Semafor and Forbes were the first to report on the development, which outlined a zero-click account takeover effort that allows malware spread…


0 Comments5 Minutes

Python Developers Hit by Fake “Crytic-Compilers” Scam on PyPI

Cybersecurity experts discovered a malicious Python package posted to the Python Package Index (PyPI) repository intended to transmit an information stealer known as Lumma (aka LummaC2). You might be interested in: Rockwell’s Call to Disconnect ICS from Internet The package in question is…


0 Comments4 Minutes

Cox Modem Vulnerabilities Threaten Millions

Vulnerabilities in Cox modems, now patched, that permitted permission bypasses, may have been used as a springboard to gain unauthorized access to the devices and execute malicious commands. “This series of vulnerabilities demonstrated a way in which a fully external attacker, without any…


0 Comments5 Minutes

LilacSquid’s Cyber Espionage Tactics in IT, Energy, and Pharma

Since at least 2021, a data theft campaign involving targeted attacks across multiple industries in the United States (U.S.), Europe, and Asia has been associated with LilacSquid, a threat actor with a history of cyber espionage. In a new technical analysis released today, Cisco Talos analyst…


0 Comments4 Minutes

Check Point Alerts on VPN Zero-Day Attacks

Check Point has issued a warning regarding a zero-day vulnerability that is currently being exploited in the wild by threat actors. This vulnerability affects the company’s Network Security gateway devices. Affected products include CloudGuard Network, Quantum Maestro, Quantum Scalable…


0 Comments4 Minutes

WordPress Plugin Hack Steals Credit Card Info from E-Shops

WordPress code snippet plugins that are less well-known are being exploited by unknown threat actors to install malicious PHP code on victim websites. This code can harvest credit card information from customers. The campaign, discovered by Sucuri on May 11, 2024, involves the misuse of a WordPress…


0 Comments4 Minutes

New Phishing Techniques: Cloudflare Workers, HTML Smuggling, and GenAI

Phishing efforts that exploit Cloudflare Workers to deliver phishing sites have caught the attention of cybersecurity researchers. These sites are used to collect users’ credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, known as…


0 Comments11 Minutes

Chrome Under Attack – Update ASAP

Google announced on Thursday that it has released patches to fix a significant security flaw in its Chrome browser, which has been actively exploited. The vulnerability, identified as CVE-2024-5274, is a type confusion bug found in the V8 JavaScript and WebAssembly engine. This issue was reported…


0 Comments3 Minutes

A Vulnerability in Apache Flink Is Being Actively Exploited

A Security Vulnerability in Apache Flink Is Being Actively Exploited, Says the CISA The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) list. This update includes a security flaw in Apache Flink, an open-source framework used…


0 Comments4 Minutes