A newly disclosed, critical vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) has exposed organizations to the risk […]
Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified […]
ModSecurity WAF Vulnerability Enables DoS Using Empty XML Elements
A newly disclosed vulnerability in ModSecurity, a widely used open-source web application firewall (WAF), exposes servers to denial-of-service (DoS) attacks by exploiting a flaw in […]
Cl0p Ransomware’s Exfiltration Process Exposes RCE Vulnerability
A newly disclosed vulnerability in the Python-based data-exfiltration utility used by the notorious Cl0p ransomware group has exposed the cybercrime operation itself to potential attack. […]
Qantas Airlines Breached, Impacting 6M Customers
Passengers’ personal information was likely accessed via a third-party platform used at a call center, but didn’t include passport or credit card info. ​The original […]
US Treasury Sanctions BPH Provider Aeza Group
In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer. ​The original article […]
Initial Access Broker Self-Patches Zero Days as Turf Control
A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block […]
North Korean crypto thieves deploy custom Mac backdoor
North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. […]
Russian APT ‘Gamaredon’ Hits Ukraine With Fierce Phishing
A Russian APT known as “Gamaredon” is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine. ​The original article found on darkreading […]
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a […]