• CybersecurityNews

Even with Slack, Teams, and every new communication tool out there, email remains the top attack vector for businesses. Why? Because it’s familiar, trusted, and easy to exploit. One convincing message ... Read more

• VMRay

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking an ... Read more

• Daily CyberSecurity

Kaspersky’s latest “Exploits and vulnerabilities in Q1 2025” shows that attackers are doubling down on aging exploits, platform-specific weaknesses, and mismanaged updates. With over 9,700 vulnerabili ... Read more

• The Hacker News

Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at ba ... Read more

• Kaspersky

The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted the ... Read more

• europa.eu

Cyber Brief (April 2025)May 2, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 311 open source reports for this Cyber Brief1.Policy, cooperation, and law enforcement. The FBI sought help to ide ... Read more

• Cyber Security News

A sophisticated phishing campaign exploiting a nearly 8-year-old Microsoft Office vulnerability to distribute the dangerous XLoader information stealer. The attack leverages CVE-2017-11882, a memory c ... Read more

• Cyber Security News

Security researchers at Fortinet’s FortiGuard Labs have uncovered a sophisticated phishing campaign that uses weaponized Microsoft Word documents to deliver information-stealing malware to unsuspectin ... Read more

• The Hacker News

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft ... Read more

• Cyber Security News

A sophisticated Advanced Persistent Threat (APT) operation named Larva-24005, linked to the notorious Kimsuky threat group, has been discovered actively exploiting critical vulnerabilities in Remote D ... Read more

• Daily CyberSecurity

A new cybersecurity report from the AhnLab Security intelligence Center (ASEC) has shed light on a recently identified operation linked to the notorious Kimsuky group. Dubbed “Larva-24005,” this campa ... Read more

• BleepingComputer

Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. Security researchers at Kaspersky's Glob ... Read more

• The Hacker News

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files ... Read more

• The Cyber Express

The Black Basta ransomware group has fallen off dramatically in 2025, and chat logs leaked recently show that internal squabbling may be behind the group’s slowed activity. Cyble threat intelligence r ... Read more

• Kaspersky

Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Conce ... Read more

• The Cyber Express

Microsoft’s Patch Tuesday for February 2025 fixes four zero-day vulnerabilities, including two under active attack, plus another eight flaws judged to be at high risk of attack. In all, the Patch Tues ... Read more

• The Cyber Express

Apple has issued emergency updates to fix a critical security flaw that is actively being exploited in iOS and iPadOS. On February 10, the tech giant released out-of-band security patches to address a ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, identified as CV ... Read more

• The Cyber Express

The Indian Computer Emergency Response Team (CERT-In) has issued a vulnerability note (CIVN-2025-0016) highlighting a series of Mozilla vulnerability, including Firefox and Thunderbird. These vulnerab ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding several new vulnerabilities that have been actively exploit ... Read more

• The Cyber Express

A new set of critical vulnerabilities has been identified in Contec Health’s CMS8000 Patient Monitor, posing significant cybersecurity and patient safety risks. These vulnerabilities, which have recei ... Read more

• The Cyber Express

As we step into 2025, the cybersecurity landscape is evolving at an unprecedented pace. The frequency of cyberattacks continues to rise, with organizations facing an average of 1,308 attacks per week ... Read more

• The Cyber Express

Cisco has issued a security advisory regarding a critical privilege escalation vulnerability found in Cisco Meeting Management. The vulnerability is tied to the REST API component of the platform, and ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly issued a Cybersecurity Advisory to address the active exploitation of critical vu ... Read more

• The Cyber Express

Every day, hundreds of new Common Vulnerabilities and Exposures (CVEs) are published, many of which target critical systems that keep businesses and governments operational. For cybersecurity professi ... Read more

• The Cyber Express

Mozilla Firefox and Thunderbird users are facing a series of high-severity vulnerabilities that could leave systems open to exploitation. The Indian Computer Emergency Response Team (CERT-In) issued a ... Read more

• The Cyber Express

A security vulnerability has been identified in the CP Plus CP-XR-DE21-S Router, which could potentially expose sensitive user information and compromise system integrity. This CP Plus Router vulnerab ... Read more

• The Cyber Express

Yubico has released a security advisory, YSA-2025-01, which highlighted a vulnerability within the software module that supports two-factor authentication (2FA) for Linux and macOS platforms. This iss ... Read more

• The Hacker News

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid m ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new tool aimed at strengthening the cybersecurity resilience of AI systems. The AI Cybersecurity Collaboration Playbook, deve ... Read more

• The Cyber Express

Microsoft’s Patch Tuesday update for January 2025 patches 159 vulnerabilities, including eight zero-days, three of which are being actively exploited. The Microsoft January 2025 Patch Tuesday release ... Read more

• The Cyber Express

Ivanti has released patches to address two significant vulnerabilities in its Ivanti Connect Secure, Policy Secure, and ZTA Gateways products. These Ivanti vulnerabilities, identified as CVE-2025-0282 ... Read more

• The Cyber Express

The BayMark Health Services, Inc. has reported a data breach to the California Attorney General, revealing that an unauthorized party had accessed sensitive files within the company’s computer network ... Read more

• The Cyber Express

The rise of cyberattacks has changed the dynamics of global industries, with cybercriminals increasingly targeting sectors that hold vast amounts of sensitive data, financial resources, or critical in ... Read more

• The Hacker News

2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will con ... Read more

• The Cyber Express

Cybersecurity professionals are the frontline warriors combating hackers, hacktivists, and ransomware groups. To fight with these cyber criminals, the world needs cybersecurity expertise who can acces ... Read more

• The Cyber Express

As the world welcomed the New Year, cybersecurity experts had little reason to celebrate. On January 1, 2025, the Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert about a ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog by adding a newly discovered vulnerability in Palo Alto Networks’ PAN-OS vers ... Read more

• The Cyber Express

In 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) continued to build on its critical cybersecurity initiative by expanding its Known Exploited Vulnerabilities (KEV) catalog. Th ... Read more

• The Cyber Express

The Cyber Security Agency of Singapore has issued a warning about several critical vulnerabilities found in Apache software products. The Apache Software Foundation has rolled out security patches add ... Read more

• The Hacker News

Cyber Attack / Data Theft The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen ... Read more

• The Cyber Express

Adobe has issued an urgent security advisory to address a critical vulnerability in Adobe ColdFusion, affecting versions 2023 and 2021. This vulnerability, tracked as CVE-2024-53961, is linked to a pa ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability, CVE-2021-44207, to its Known Exploited Vulnerabilities (KEV) Catalog. This action follows ... Read more

• The Cyber Express

The latest Sensor Intelligence Report from Cyble, dated December 4–10, 2024, sheds light on a troubling increase in cyber threats, including malware intrusions, phishing scams, and attacks targeting v ... Read more

• The Hacker News

Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the ... Read more

• The Cyber Express

Microsoft’s December Patch Tuesday update, the last one of 2024, addresses a massive number of vulnerabilities, including 71 newly identified flaws across various products. As part of the regular Dece ... Read more

• The Cyber Express

Cyble researchers have detected a new campaign targeting Russia by the hacktivist group Head Mare that uses a disguised LNK file to hide an executable. The campaign is also noteworthy for its ability ... Read more

• The Cyber Express

QNAP NAS systems, widely regarded for their reliability in personal and enterprise data storage, have recently come under scrutiny due to multiple critical vulnerabilities. These QNAP NAS vulnerabilit ... Read more

• The Cyber Express

A critical vulnerability, identified as CVE-2024-11205, was discovered in the WPForms plugin, a popular WordPress form builder used by over 6 million active websites. This vulnerability, which has bee ... Read more

• The Cyber Express

The Indian Computer Emergency Response Team (CERT-In), the national nodal agency for responding to cybersecurity threats, has issued a vulnerability note (CIVN-2024-0355) highlighting an information d ... Read more

• Kaspersky

Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mit ... Read more

• The Cyber Express

Veeam has published a critical advisory regarding severe vulnerabilities affecting its Veeam Service Provider Console (VSPC), particularly impacting version 8.1.0.21377 and earlier builds from version ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding three critical vulnerabilities that are being actively exploited ... Read more

• Cybersecurity News

Attack flow | Image: FortiGuard LabsA recent report by FortiGuard Labs has highlighted a targeted cyberattack involving the infamous SmokeLoader malware. This campaign, observed in September 2024, aim ... Read more

• Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News

SUMMARY Targeted Campaign: SmokeLoader malware attacks Taiwanese industries, including manufacturing, healthcare, and IT. Phishing Emails: The campaign uses phishing emails exploiting MS Office vulner ... Read more

• The Hacker News

Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its ve ... Read more

• The Cyber Express

A recent Cyble ICS vulnerabilities report sheds light on several critical vulnerabilities in industrial control systems (ICS) from major vendors including Schneider Electric, mySCADA, and Automated Lo ... Read more

• The Cyber Express

Zyxel Firewalls have become a key target in recent cyberattacks, with attackers exploiting a critical vulnerability to deploy the dangerous Helldown ransomware. The German CERT (CERT-Bund) has issued ... Read more

• The Cyber Express

The Australian government has passed the new Cyber Security Act, which was recently approved by Parliament. One of the most critical provisions of this new law mandates that organizations must report ... Read more

• The Cyber Express

Oracle’s Agile Product Lifecycle Management (PLM) software has been flagged for a security vulnerability (CVE-2024-21287) by CERT-In (Computer Emergency Response Team – India). The vulnerability, cata ... Read more

• The Cyber Express

A Russia-aligned hacking group, known as RomCom (also identified as Storm-0978, Tropical Scorpius, or UNC2596), has successfully exploited two zero-day vulnerabilities—one in Mozilla Firefox and anoth ... Read more

• The Cyber Express

Artificial Intelligence (AI) has become a critical enabler across sectors, reshaping industries from healthcare to transportation. However, with its transformative potential comes a spectrum of safety ... Read more

• The Cyber Express

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security flaw, CVE-2023-28461, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability i ... Read more

• The Cyber Express

Apple recently rolled out a security update that addresses critical vulnerabilities in multiple Apple devices. Released on November 19, the Apple security update impacts various platforms, including i ... Read more

• The Cyber Express

An alarming set of chained vulnerabilities in Palo Alto Networks’ PAN-OS software has sparked concerns that attackers could seize administrator privileges through an authentication bypass. The first v ... Read more

• The Cyber Express

The Computer Emergency Response Team of India (CERT-In) has issued a high-severity alert regarding a newly identified vulnerability in Cisco’s Enterprise Chat and Email (ECE) platform. Tagged as CERT- ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a series of security advisories, shedding light on several critical vulnerabilities affecting Industrial Control Systems ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of their active ... Read more

• The Cyber Express

The FBI, NSA, and allied agencies within the Five Eyes intelligence network have published a list of the 15 most exploited vulnerabilities from 2023. The cybersecurity advisory, a collaborative effort ... Read more

• The Cyber Express

Microsoft rolled out its monthly security updates as part of the Microsoft November 2024 Patch Tuesday cycle. The company addressed a total of 91 vulnerabilities, with four of them being classified as ... Read more

• The Cyber Express

Hewlett Packard Enterprise (HPE) has issued critical security patches to address several vulnerabilities affecting its Aruba Networking Access Point products. These vulnerabilities (CVE-2024-42509 and ... Read more

• The Cyber Express

The Indian Computer Emergency Response Team (CERT-In) has issued a warning about newly discovered vulnerabilities in Google Chrome that could pose significant risks to users. These vulnerabilities, id ... Read more

• The Cyber Express

A newly discovered vulnerability in the WPLMS WordPress theme threatens websites with potential Remote Code Execution (RCE) due to a critical path traversal flaw. CVE-2024-10470, a vulnerability in th ... Read more

• The Cyber Express

A severe security flaw in outdated D-Link network-attached storage (NAS) devices leaves over 61,000 units exposed online with no patches. Researchers have identified a command injection vulnerability ... Read more

• The Cyber Express

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued multiple advisories alerting the public to critical vulnerabilities affecting industrial control systems (ICS) equipment deploye ... Read more

• The Cyber Express

A missing authentication flaw in Palo Alto Networks’ Expedition tool now jeopardizes firewall configurations across sectors, with attackers actively exploiting this vulnerability in the wild. The U.S. ... Read more

• The Cyber Express

Cisco’s Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points contain a severe vulnerability that potentially allows attackers to execute commands with root pr ... Read more

• The Cyber Express

In its November security update, Google has patched two critical Android zero-days actively exploited in targeted attacks, along with 49 additional vulnerabilities. Google flagged these zero-day flaws ... Read more

• The Cyber Express

Cyble Research & Intelligence Labs (CRIL) has released a new report focusing on critical Industrial Control System (ICS) vulnerabilities, with insights derived from recent advisories issued by the Cyb ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has added two newly discovered vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog following confirmed reports of active ex ... Read more

• The Cyber Express

The ‘FortiJump’ vulnerability in Fortinet’s FortiManager management platform may not have been completely fixed by the company’s patch issued last month. A screen recording posted to X (formerly known ... Read more

• The Cyber Express

In the latest edition of Cyble’s weekly sensor intelligence report, cybersecurity experts revealed a concerning surge in attacks targeting the LightSpeed Cache and GutenKit WordPress plugins. As the r ... Read more

• The Cyber Express

Cyble Research and Intelligence Labs (CRIL) has identified new IT vulnerabilities affecting Fortinet, SonicWall, Grafana Labs, and CyberPanel, among others. The report for the week of October 23-29 hi ... Read more

• The Cyber Express

Nearly 1 million Fortinet and SonicWall devices with actively exploited vulnerabilities are exposed on the internet, according to Cyble’s weekly vulnerability report published today. The report also l ... Read more

• The Cyber Express

Apple has launched the highly anticipated visionOS 2.1 update for its innovative mixed reality headset, the Apple Vision Pro. This update is particularly important as it addresses a range of Apple Vis ... Read more

• The Cyber Express

In an era where the Internet of Things (IoT) promises convenience and efficiency, the rapid adoption of smart home technology comes with hidden security risks. From smart fridges to light bulbs, IoT d ... Read more

• The Cyber Express

Ukraine is confronting a new cyberattack vector from Russian military intelligence (GRU) connected hackers that is targeting local governments. The Computer Emergency Response Team of Ukraine (CERT-UA ... Read more

• The Cyber Express

Cisco Systems released a critical advisory regarding a vulnerability in the Remote Access VPN (RAVPN) service associated with its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) s ... Read more

• The Cyber Express

Cyble vulnerability intelligence unit has shared a report, detailing the recent cyberattacks on the Spring Java framework and hundreds of thousands of Internet of Things (IoT) devices. The report shed ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA), on October 22, 2024, issued a new advisory targeting Industrial Control Systems (ICS). One of the most significant vulnerabilities highligh ... Read more

• The Cyber Express

Bitdefender has recently alerted users to critical vulnerabilities within Bitdefender Total Security and SafePay, necessitating immediate action to protect against online threats. These Bitdefender vu ... Read more

• The Cyber Express

Splunk has recently issued a security advisory aimed at addressing multiple vulnerabilities within its Splunk Enterprise software. The advisory categorizes these Splunk vulnerabilities into three main ... Read more

• The Cyber Express

U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog-CVE-2024-9537. This vulnerability affects ScienceLogic SL1 ( ... Read more

• The Cyber Express

Cyble’s weekly sensor report is an always fascinating look at the vulnerabilities that threat actors are actively exploiting. While new vulnerabilities are quickly exploited, older ones are still expl ... Read more

• The Cyber Express

A new security risk has emerged in the Kubernetes Image Builder, posing a critical threat to organizations that utilize this tool for managing their containerized environments. The Kubernetes Image Bu ... Read more

• The Cyber Express

GitHub has released a critical security advisory highlighting vulnerabilities that merit immediate action from users of GitHub Enterprise Server (GHES). The advisory focuses on a GitHub vulnerability ... Read more

• The Hacker News

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Afri ... Read more

• The Cyber Express

Veeam has addressed a severe vulnerability in its widely utilized Backup & Replication tool, CVE-2024-40711. This critical flaw has a staggering Common Vulnerability Scoring System (CVSS) score of 9.8 ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, emphasizing the pressing need for organizatio ... Read more

• Dark Reading

Source: Papilio via Alamy Stock PhotoThe elusive, India-based advanced persistent threat (APT) group SideWinder has unleashed a new flurry of attacks against high-profile entities and strategic infras ... Read more

• Cybersecurity News

The SideWinder Advanced Persistent Threat (APT) group, also known as T-APT-04 or RattleSnake, has been a relentless actor in the global cyber espionage landscape since its emergence in 2012. Though in ... Read more

• Kaspersky

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched ... Read more

• The Cyber Express

Cyble’s Vulnerability Intelligence unit has spotlighted a series of cyberattacks targeting critical vulnerabilities in various software systems, including the Ruby SAML library, D-Link NAS devices, an ... Read more

• The Cyber Express

Adobe announced a series of important security updates aimed at addressing several vulnerabilities across its product suite. These vulnerabilities could potentially allow cybercriminals to execute arb ... Read more

• The Cyber Express

Microsoft has released the October 2024 Patch Tuesday, addressing a total of 117 Common Vulnerabilities and Exposures (CVEs). This month’s Microsoft Patch Tuesday update includes three vulnerabilities ... Read more

• The Cyber Express

Cyble’s Vulnerability Intelligence unit has detected cyberattacks on several key IT products and systems, as threat actors have been quick to exploit vulnerabilities and enterprises slow to patch them ... Read more

• The Cyber Express

Qualcomm has released the latest security advisory for multiple vulnerabilities. Among them, a Qualcomm vulnerability, designated as CVE-2024-43047, has brought to light concerns surrounding the safet ... Read more

• The Cyber Express

Apple has released new updates for iOS and iPadOS to fix two important security problems affecting many iPhone and iPad models. These Apple updates, now available as iOS 18.0.1 and iPadOS 18.0.1, fix ... Read more

• The Cyber Express

Cyble researchers had a busy week, investigating 19 vulnerabilities in the week ended Oct.1 and flagging eight of them as high priority. Cyble’s weekly IT vulnerability report also noted that research ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has alerted organizations about an active exploitation of a vulnerability in Ivanti Endpoint Manager (EPM). This critical flaw, tracked as C ... Read more

• The Cyber Express

Google recently addressed a flaw within cellular modem vulnerabilities that can pose risk to smartphone users. The cellular baseband is responsible for handling all cellular communications, including ... Read more

• The Cyber Express

A critical remote code execution (RCE) vulnerability in Zimbra email servers is under active attack, and users are urged to patch immediately. Zimbra is already a popular target for hackers – CISA’s K ... Read more

• The Cyber Express

It is not just enough to surf the internet, but equally important to safeguard its boundaries. However, a latest survey has exposed the knowledge and preparedness of internet users. It was found that ... Read more

• The Cyber Express

A new vulnerability in NVIDIA’s software impacts over 35% of cloud environments. The NVIDIA vulnerability, designated as CVE-2024-0132, is linked to the NVIDIA Container Toolkit, a widely utilized fra ... Read more

• The Cyber Express

The Indian Computer Emergency Response Team (CERT-In) has reported multiple high-severity vulnerabilities in Apex Softcell’s mobile stock trading and back-office platforms. The Apex Softcell vulnerabi ... Read more

• The Cyber Express

The CERT Coordination Center (CERT/CC) at Carnegie Mellon University issued a warning about a security flaw in the Microchip Advanced Software Framework (ASF). This Microchip vulnerability, tracked as ... Read more

• The Cyber Express

Vulnerabilities in Versa Director are never a small matter, as the platform manages network configurations for Versa’s SD-WAN software – which is often used by internet service providers (ISPs) and ma ... Read more

• The Cyber Express

Quantum computing revolutionizes various fields, leveraging the unique properties of quantum mechanics. Its impact on cybersecurity, however, presents both significant risks and opportunities. Traditi ... Read more

• The Cyber Express

The Browser Company has announced a security vulnerability in the Arc browser, CVE-2024-45489. The Arc browser vulnerability was discovered on August 25, 2024, and was addressed within a day, ensuring ... Read more

• The Cyber Express

UNC1860, an Iranian state-sponsored threat actor, has emerged as a formidable cyber force in the Middle East. Likely tied to Iran’s Ministry of Intelligence and Security (MOIS), UNC1860 group is known ... Read more

• The Cyber Express

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting the continued threat that these securit ... Read more

• The Cyber Express

U.S. intelligence agencies issued a warning today about a Chinese botnet that has compromised 260,000 devices around the globe, including small office/home office (SOHO) routers, firewalls, network-at ... Read more

• The Cyber Express

Apple has officially released iOS 18, which is the latest software update for iPhones and iPads. While the software introduces exciting new features, the most critical part of this update lies in its ... Read more

• The Cyber Express

The Indian Computer Emergency Response Team (CERT-In), functioning under the Ministry of Electronics and Information Technology, has issued a high-severity warning aimed at users operating Android OS ... Read more

• The Cyber Express

GitLab has released critical patch updates across its Community Edition (CE) and Enterprise Edition (EE) to address security vulnerabilities and bugs. The GitLab critical patch release includes vital ... Read more

• The Cyber Express

The second Tuesday of September has once again proven to be a significant date for cybersecurity with Microsoft’s latest Patch Tuesday update. This month’s release is dominated by a daunting array of ... Read more

• The Cyber Express

A security vulnerability, identified as CVE-2024-7591, has been disclosed affecting all versions of LoadMaster and the LoadMaster Multi-Tenant (MT) hypervisor. The LoadMaster vulnerability is critical ... Read more

• The Cyber Express

IBM has revealed several severe vulnerabilities within its webMethods Integration Server, a platform widely utilized for integration and API management. These IBM webMethods Integration vulnerabilitie ... Read more

• The Cyber Express

Popular open-source enterprise Resource Planning (ERP) system, Apache OFBiz, recently discovered harboring a critical Remote Code Execution (RCE) vulnerability. Tracked as CVE-2024-45195, the Apache O ... Read more

• The Cyber Express

Veeam has published a new Security Bulletin addressing multiple critical vulnerabilities across its suite of products. The Veeam security bulletin, identified as KB ID: 4649, includes updates on Veeam ... Read more

• The Cyber Express

Zyxel Networks has recently issued a critical alert regarding several high-risk vulnerabilities affecting their firewall products. This warning comes as part of a broader security advisory that highli ... Read more

• The Cyber Express

The Indian Computer Emergency Response Team (CERT-IN) has issued advisories regarding critical vulnerabilities affecting several Palo Alto Networks applications. These vulnerabilities could allow atta ... Read more

• The Cyber Express

Canonical has rolled out essential security updates for Ubuntu, addressing multiple Linux kernel vulnerabilities that also impact Amazon Web Services (AWS). These issues, which involve race conditions ... Read more

• The Cyber Express

The Shoshone-Bannock Tribes have confirmed a cybersecurity incident that disrupted their operations on the Fort Hall Reservation in Idaho. The Shoshone-Bannock Tribes cyberattack, reported on August 2 ... Read more

• The Cyber Express

In a recent attack, a North Korean threat actor leveraged a zero-day vulnerability in Google’s Chromium browser to deploy the FudModule rootkit, targeting cryptocurrency firms for financial gain. Micr ... Read more

• The Cyber Express

A sophisticated cyberespionage campaign targeting East Asian countries has been uncovered, with the APT-C-60 group exploiting a zero-day vulnerability in WPS Office to deploy the notorious SpyGlace ba ... Read more

• The Cyber Express

Recent security findings reveal that Progress Software’s WhatsUp Gold, a prominent enterprise network monitoring and management solution, harbors significant vulnerabilities that could lead to full sy ... Read more

• The Cyber Express

Researchers have discovered a botnet campaign that is exploiting several vulnerabilities, including a zero-day vulnerability (CVE-2024-7029) in AVTECH closed-circuit television (CCTV) cameras that cou ... Read more

• The Cyber Express

Google has identified a connection between Russian state hackers and exploits that bear an “identical or strikingly similar” resemblance to those created by spyware companies NSO Group and Intellexa, ... Read more

• The Cyber Express

A shadowy group of Iranian cyber actors is acting as access brokers for ransomware gangs and collaborating with affiliates to target the U.S. and its allies, exploiting vulnerabilities across sectors ... Read more

• The Cyber Express

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a security vulnerability affecting Apache OFBiz, the open-source enterprise resource planning (ERP) system. This Apache OFB ... Read more

• The Cyber Express

A critical vulnerability has been discovered in the WPML (WordPress Multilingual) plugin, exposing millions of WordPress websites to potential Remote Code Execution (RCE) attacks. This WPML Plugin Fla ... Read more

• The Cyber Express

A zero-day vulnerability in Versa Director servers is proof that a vulnerability doesn’t require a critical severity rating and thousands of exposures to do significant damage. CVE-2024-39717, announc ... Read more

• The Hacker News

Cyber Espionage / Malware Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate ... Read more

• The Cyber Express

Google recently addressed a critical zero-day vulnerability in its Chrome browser, identified as CVE-2024-7965. This high-severity flaw, affecting versions of Chrome prior to 128.0.6613.84, has been a ... Read more

• Kaspersky

Q2 2024 was eventful in terms of new interesting vulnerabilities and exploitation techniques for applications and operating systems. Attacks through vulnerable drivers have become prevalent as a gener ... Read more

• The Cyber Express

The GiveWP plugin, a widely used donation and fundraising tool for WordPress, has recently undergone a crucial update to address a severe security flaw. This GiveWP vulnerability, discovered by the re ... Read more

• The Cyber Express

Researchers have uncovered a new campaign by SideWinder, a nation-state threat actor believed to originate from India that has been active since 2012. Analysis of phishing emails suggests the campaign ... Read more