Cybersecurity experts are sounding alarms about active exploitation of a critical vulnerability in Anyscale Ray, an open-source artificial intelligence (AI) platform. This unpatched flaw is being used by malicious actors to commandeer computing resources for unauthorized cryptocurrency mining activities. The vulnerability in question, identified as CVE-2023-48022, has attained a notable…
Nokia has reported that the ramifications of a recent source code leak are minimal, a claim suggesting effective measures to mitigate potential risks. This breach primarily concerns the company’s proprietary software and appears to have minimal impact on Nokia’s operational capabilities and customer services. As a major player in the…
HPE Aruba Networking, previously known as Aruba Networks, has recently issued critical security updates addressing significant vulnerabilities within its ArubaOS. These flaws pose a risk that could lead to remote code execution (RCE) on affected systems, making immediate action imperative for businesses reliant on this networking solution. The updates pertain…
An active cyber threat landscape has emerged, revealing a sophisticated campaign targeting the ministries of foreign affairs within NATO-aligned nations, showcasing the involvement of Russian threat actors. Recent phishing attacks have come to light, wherein malicious PDF documents are disguised with diplomatic themes, some appearing to originate from Germany. These…
Indian Government and Energy Sector Targeted in Cyber Espionage Campaign Recent reports indicate that unidentified threat actors have launched sophisticated cyber attacks against various Indian government entities and private energy companies. These attacks aim to implant a modified variant of the open-source infostealer malware known as HackBrowserData, with the objective…
Orrick, Herrington & Sutcliffe LLP has reached a substantial settlement agreement of $8 million to resolve claims stemming from a data breach that occurred in March 2023. This breach reportedly compromised the personal information of approximately 153,000 individuals, raising significant concerns about the law firm’s cybersecurity practices. The US District…
Critical Vulnerability Discovered in Tinyproxy Exposed by Over Half of Public Hosts Recent reports have unveiled a significant security vulnerability within the Tinyproxy service, a widely utilized HTTP/HTTPS proxy tool, affecting over 50% of the 90,310 hosts identified as publicly exposing this service. This unpatched flaw, tracked as CVE-2023-49606, has…
A sophisticated cyberattack campaign emanating from China is currently targeting the gambling industry across Southeast Asia, employing Cobalt Strike beacons to infiltrate compromised systems. According to cybersecurity experts at SentinelOne, the indicators and methodologies associated with this operation suggest involvement from a threat actor group identified as Bronze Starlight, also…
On October 29, 2024, Newpark Resources, a Texas-based provider of essential tools and services to the oil and gas, as well as construction industries, was victimized by a ransomware attack that significantly disrupted its financial and operational analytics systems. This cyber intrusion partially incapacitated the company’s internal network, impacting its…
