Researchers have found 14 logic flaws in various components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, allowing attacks that could bypass […]
Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft
Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral […]
‘ReVault’ Security Flaws Impact Millions of Dell Laptops
The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems. The original article found on darkreading
Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults
Secrets managers hold all the keys to an enterprise’s kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities. The original article found on darkreading […]
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official […]
Akira and Lynx Ransomware Target MSPs Using Stolen Credentials and Exploited Vulnerabilities
The Acronis Threat Research Unit (TRU) dissected recent samples from the Akira and Lynx ransomware families, revealing incremental enhancements in their ransomware-as-a-service (RaaS) models and […]
Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT
North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new […]
ReVault flaws let attackers bypass Windows login or place malware implants on Dell laptops
Flaws in the firmware that ships with more than 100 models of Dell business laptops compromise the hardware designed to secure passwords and biometric data. […]
Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights
Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence. The […]
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, […]