Cyberattack Campaign Targets Israeli Entities Using Open-Source Tools Cybersecurity analysts have unearthed a sophisticated attack campaign directed at various entities within Israel, utilizing publicly available frameworks such as Donut and Sliver. HarfangLab, a cybersecurity research firm, detailed the operation in a report last week, describing it as highly targeted and…
In a recent statement regarding a cybersecurity incident, MoneyGram International has clarified that there is no indication linking the attack to ransomware activity. This update comes in the wake of heightened scrutiny following reports of unauthorized access to systems and potential data compromises. The target of this breach appears to…
Critical Vulnerability Discovered in Microsoft’s Copilot Studio Cybersecurity experts have revealed a significant security vulnerability impacting Microsoft’s Copilot Studio, raising concerns about the potential for unauthorized access to sensitive data. The flaw, designated as CVE-2024-38206 with a CVSS score of 8.5, is classified as an information disclosure vulnerability related to…
Cybersecurity Threat: Surveillance Tool MerkSpy Exploits Microsoft MSHTML Vulnerability Recent reports from Fortinet’s FortiGuard Labs indicate the emergence of a sophisticated surveillance tool known as MerkSpy, which is being used by unidentified threat actors to compromise systems through a now-patched vulnerability in Microsoft’s MSHTML. This malicious campaign is primarily targeting…
This week, a reader expressed concern over receiving multiple notifications regarding data breaches that may impact their accounts. Over the past few months, they have reported receiving six written notices from various companies, all of which are offering complimentary identity monitoring services through different providers. The reader seeks clarity on…
GitHub has announced a series of critical security updates addressing three vulnerabilities impacting its Enterprise Server (GHES) product. Among these, one flaw is particularly severe and could potentially allow unauthorized users to obtain site administrator privileges. The vulnerability, designated as CVE-2024-6800, has been rated with a CVSS score of 9.5,…
In a significant law enforcement initiative dubbed Operation MORPHEUS, approximately 600 servers utilized by cybercriminal syndicates were dismantled, disrupting a critical component of the infrastructure linked to the Cobalt Strike tool. This crackdown, coordinated by Europol, particularly targeted unlicensed and outdated versions of the Cobalt Strike framework between June 24…
In a recent development reported by AFP, French authorities have been alerted to a potential data breach, raising concerns over the security of sensitive information. The incident underscores the continuing threat that data breaches pose to organizations across various sectors, especially in a digitally connected world. While specific details regarding…
Cybersecurity experts have reported a significant vulnerability within the LiteSpeed Cache plugin for WordPress, one of the platform’s most commonly used caching solutions, boasting over five million active installations. This flaw, identified as CVE-2024-28000, has the potential to enable unauthenticated individuals to obtain administrator access to affected WordPress sites, posing…
