-
Windows MSHTML zero-day used in malware attacks for over a year
Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features.
- July 10, 2024
- 12:04 PM
5
-
Hackers target WordPress calendar plugin used by 150,000 sites
Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.
- July 09, 2024
- 01:21 PM
2
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
RCE bug in widely used Ghostscript library now exploited in attacks
A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks.
- July 08, 2024
- 12:26 PM
- 1
-
Hackers attack HFS servers to drop malware and Monero miners
Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.
- July 04, 2024
- 08:33 AM
- 0
-
Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.
- June 29, 2024
- 11:18 AM
- 2
-
Hackers target new MOVEit Transfer critical auth bypass bug
Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday.
- June 26, 2024
- 10:49 AM
- 2
-
Facebook PrestaShop module exploited to steal credit cards
Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details.
- June 23, 2024
- 10:08 AM
- 0
-
SolarWinds Serv-U path traversal flaw actively exploited in attacks
Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits.
- June 20, 2024
- 11:45 AM
- 0
-
Black Basta ransomware gang linked to Windows zero-day attacks
The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.
- June 12, 2024
- 06:00 AM
- 0
-
TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers
The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems.
- June 11, 2024
- 10:25 AM
- 0
-
CISA warns of actively exploited Linux privilege elevation flaw
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw.
- May 31, 2024
- 03:30 PM
- 0
-
Check Point VPN zero-day exploited in attacks since April 30
Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks.
- May 29, 2024
- 03:39 PM
- 0
-
Check Point releases emergency fix for VPN zero-day exploited in attacks
Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks.
- May 29, 2024
- 09:31 AM
- 0
-
Google fixes eighth actively exploited Chrome zero-day this year
Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild.
- May 24, 2024
- 05:30 AM
- 0
-
CISA warns of hackers exploiting Chrome, EoL D-Link bugs
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers.
- May 19, 2024
- 10:17 AM
- 0
-
Google fixes third actively exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
- May 15, 2024
- 06:36 PM
- 3
-
Microsoft fixes Windows zero-day exploited in QakBot malware attacks
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
- May 14, 2024
- 02:18 PM
- 0
-
Google Chrome emergency update fixes 6th zero-day exploited in 2024
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks.
- May 14, 2024
- 04:10 AM
- 0
-
Apple backports fix for zero-day exploited in attacks to older iPhones
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks.
- May 13, 2024
- 05:47 PM
- 0
-
Google fixes fifth Chrome zero-day exploited in attacks this year
Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year.
- May 10, 2024
- 04:08 AM
- 1
