A sophisticated malware campaign dubbed SERPENTINE#CLOUD has emerged, leveraging Cloudflare Tunnel infrastructure to deliver Python-based malware to Windows systems across Western nations, including the United […]
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as […]
Jitter-Trap: New Method Uncovers Stealthy Beacon Communications
A groundbreaking detection technique called Jitter-Trap has been unveiled by Varonis Threat Labs, promising to revolutionize how organizations identify one of the most elusive stages in the […]
LogMeIn Remote Access Abused in Targeted System Compromise
A sophisticated cyberattack campaign has been uncovered, leveraging LogMeIn Resolve remote access software to gain unauthorized control over user systems. Security researchers report that the […]
Cisco AnyConnect VPN Flaw Allows Attackers to Launch DoS Attacks
A newly disclosed vulnerability in Cisco’s AnyConnect VPN implementation for Meraki MX and Z Series devices poses a significant risk to enterprise networks, enabling unauthenticated […]
Password Reset Link Poisoning Leads to Full Account Takeover
A critical vulnerability known as Password Reset Link Poisoning has recently come under the spotlight, exposing web users and organizations to the risk of full account takeover. […]
Open Next SSRF Flaw in Cloudflare Lets Hackers Fetch Data from Any Host
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, posing a significant security threat to websites deployed using the Cloudflare […]
Iran-Israel War Triggers a Maelstrom in Cyberspace
As Iran closes its cyberspace to the outside world, hacktivists are picking sides, while attacks against Israel surge and spread across the region. ​The original […]
Meta Adds Passkey Login Support to Facebook for Android and iOS Users
Meta Platforms on Wednesday announced that it’s adding support for passkeys, the next-generation password standard, on Facebook. “Passkeys are a new way to verify your […]
Apache Traffic Server Vulnerability Allows DoS Attacks Through Memory Exhaustion
A newly disclosed vulnerability in Apache Traffic Server (ATS) has raised serious concerns among enterprise users and cloud providers, as attackers can exploit a flaw […]