Internet Security

Malicious packages in the NPM designed for highly-targeted attacks

August 4, 2023 add comment
Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data. On July 31, 2023, Phylum researchers observed the publication of... Read more »

Attackers use dynamic code loading to bypass Google Play store’s malware detections

August 4, 2023 add comment
Threat actors rely on the ‘versioning’ technique to evade malware detections of malicious code uploaded to the Google Play Store. Google Cybersecurity Action Team (GCAT) revealed that threat actors... Read more »

CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

August 4, 2023 add comment
CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022. CISA, the NSA, and the FBI, in... Read more »

Decommissioned medical infusion pumps sold on secondary market could reveal Wi-Fi configuration settings

August 3, 2023 add comment
Experts warn that decommissioned medical infusion pumps sold via the secondary market could expose Wi-Fi configuration settings. The sale of decommissioned medical infusion pumps through the secondary market may... Read more »

OWASP Top 10 for LLM (Large Language Model) applications is out!

August 3, 2023 add comment
The OWASP Top 10 for LLM (Large Language Model) Applications version 1.0 is out, it focuses on the potential security risks when using LLMs. OWASP released the OWASP Top 10... Read more »

Rapid7 found a bypass for the recently patched actively exploited Ivanti EPMM bug

August 3, 2023 add comment
Researchers discovered a bypass for a recently fixed actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). Rapid7 cybersecurity researchers have discovered a bypass for the recently patched actively... Read more »

Russian APT29 conducts phishing attacks through Microsoft Teams

August 3, 2023 add comment
Russia-linked APT29 group targeted dozens of organizations and government agencies worldwide with Microsoft Teams phishing attacks. Microsoft Threat Intelligence reported that Russia-linked cyberespionage group APT29  (aka SVR group, Cozy Bear, Nobelium, Midnight... Read more »

Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks

August 2, 2023 add comment
Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Security researchers from the non-profit organization Shadowserver Foundation reported that hundreds... Read more »

Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign

August 2, 2023 add comment
Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce... Read more »

Burger King forgets to put a password on their systems, again

August 2, 2023 add comment
The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time. Original post @https://cybernews.com/security/burger-king-data-leak/ Burger King... Read more »
Subscribe to our Newsletter