Tag “Fortinet”

Ransomware Groups Exploit VMware ESXi Vulnerability for Administrator Access

A recently identified vulnerability in VMware ESXi hypervisors has been under active exploitation by several ransomware groups, raising significant concerns among cybersecurity experts. The flaw, detailed under CVE-2024-37085 and assigned a CVSS score of 6.8, enables attackers to bypass Active Directory integration authentication, thus granting them illicit administrative access to…


Microsoft Addresses 61 Vulnerabilities, Including Two Actively Exploited Zero-Day Threats

Microsoft Addresses 61 Security Vulnerabilities in May Patch Update

In its latest Patch Tuesday update for May 2024, Microsoft has resolved 61 newly identified security vulnerabilities across its software products, amongst them two zero-day flaws that have been actively exploited in the wild. These updates follow a proactive security strategy…


Check Point Alerts on Zero-Day Vulnerabilities Affecting Its VPN Gateway Solutions

Check Point has issued a warning regarding a critical zero-day vulnerability affecting its Network Security gateway products, which has already been exploited by cybercriminals in the wild. The vulnerability, designated as CVE-2024-24919 and carrying a CVSS score of 8.6, affects numerous products including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis,…


Cybercriminals Deploy MS Excel Macro to Execute Multi-Stage Malware Attack in Ukraine

Sophisticated Cyber Attack Targets Ukraine with Cobalt Strike Payload

A recent surge in sophisticated cyber attacks has seen endpoints located in Ukraine specifically targeted for the deployment of the notorious Cobalt Strike malware, raising concerns among cybersecurity experts. According to researchers from Fortinet’s FortiGuard Labs, the attack mechanism begins…


Microsoft Releases Fixes for 90 Vulnerabilities, Featuring 10 Critical Zero-Day Flaws

On Tuesday, Microsoft released a set of critical updates addressing a total of 90 security vulnerabilities within its software, including ten zero-day exploits. Notably, six of these zero-days are actively being leveraged in real-world attacks, raising significant concerns regarding the potential for widespread exploitation in the wild. The vulnerabilities span…


Exploitation of Microsoft MSHTML Vulnerability to Distribute MerkSpy Spyware

Cybersecurity Threat: Surveillance Tool MerkSpy Exploits Microsoft MSHTML Vulnerability

Recent reports from Fortinet’s FortiGuard Labs indicate the emergence of a sophisticated surveillance tool known as MerkSpy, which is being used by unidentified threat actors to compromise systems through a now-patched vulnerability in Microsoft’s MSHTML. This malicious campaign is primarily targeting…


ViperSoftX Malware Camouflaged as eBooks on Torrent Sites to Launch Covert Attacks

ViperSoftX Malware Exploits eBook Distribution for Stealthy PowerShell Execution

The sophisticated malware known as ViperSoftX has recently been detected in a new distribution method involving the use of eBooks shared through torrent sites. Since its first identification by Fortinet in 2020, ViperSoftX has become notorious for its ability to exfiltrate…


Exploitation of Microsoft Defender Vulnerability to Distribute ACR, Lumma, and Meduza Stealers

A recently patched security vulnerability in Microsoft Defender’s SmartScreen has been exploited in a new cyber campaign targeting sensitive information. This campaign has been linked to the distribution of information stealers known as ACR Stealer, Lumma, and Meduza. Researchers from Fortinet FortiGuard Labs report that these attacks are occurring predominantly…


Microsoft Releases Patches for 79 Vulnerabilities, Featuring 3 Actively Exploited Windows Issues

Microsoft Addresses Critical Vulnerabilities in September 2024 Patch Tuesday Update

On Tuesday, September 10, 2024, Microsoft announced the identification of three significant security vulnerabilities affecting the Windows operating system, which are now under active exploitation. This disclosure was part of the company’s monthly Patch Tuesday update, highlighting the urgent need…
