Tag GitLab

CISA Alerts of Ongoing Exploitation of Critical GitLab Password Reset Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a significant vulnerability affecting GitLab in its Known Exploited Vulnerabilities (KEV) catalog, alerting the cybersecurity community to active exploitation. This vulnerability, designated as CVE-2023-7028, carries a CVSS score of 10.0, indicating its critical nature. It permits potential account takeover…


Hackers Exploit Vulnerability in Foxit PDF Reader to Distribute Varied Malware Threats

Multiple threat actors are exploiting a significant design vulnerability in Foxit PDF Reader, utilizing it as a conduit for distributing various malware strains, including Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. This exploitation triggers security warnings that can mislead unsuspecting users into executing harmful commands,…


Experts Caution About CatDDoS Botnet and DNSBomb DDoS Attack Methodology

CatDDoS Botnet Leverages Security Flaws for DDoS Attacks

In a concerning development in the cybersecurity landscape, the CatDDoS malware botnet has been found to exploit more than 80 vulnerabilities across a range of software applications in just the last three months. Cybercriminals are utilizing these security loopholes to target susceptible…


New Study Highlights Insider Risks Linked to Poor Offboarding Practices

The Importance of Effective Offboarding Practices in Mitigating Insider Risks

A recent analysis by Wing Security has revealed a concerning trend in corporate data security: approximately 63% of businesses might have former employees still authorized to access sensitive organizational data. This statistic underscores the pressing need for businesses to automate…


Microsoft Releases Patches for 51 Vulnerabilities, Featuring a Critical MSMQ Flaw

Microsoft Addresses 51 Vulnerabilities in June Patch Tuesday Update

In its latest Patch Tuesday update for June 2024, Microsoft has rolled out security updates to address 51 vulnerabilities across its products. Among these, one vulnerability has been classified as Critical, while the remaining 50 are deemed Important. This release also…


GitLab Issues Patch for Critical CI/CD Pipeline Vulnerability Alongside 13 Additional Fixes

GitLab Security Updates Address Critical Vulnerabilities in CI/CD Pipelines

GitLab has announced a series of security updates aimed at rectifying 14 identified vulnerabilities within its software, including a severe flaw that poses a significant risk to its continuous integration and deployment (CI/CD) pipelines. The updates, which target both the GitLab…


Securing Collaboration: 6 Essential Slack Hacks for Protecting Sensitive Data

In a recent incident highlighting the fragility of sensitive data security in major corporations, Disney has become the latest victim of a significant data breach. The attack was executed by a hacktivist group named NullBulge, which managed to infiltrate Disney’s internal communications within its Slack messaging platform, extracting over 1.2…


Internet Archive Suffers Another Breach – Third Cyber Attack in October 2024

Internet Archive Faces Third Security Breach in Escalating Cyberattack Series

On October 20, 2024, the Internet Archive confirmed a third significant breach as part of a concerning trend of cyberattacks against the nonprofit digital library, which is based in the United States. The latest compromise resulted from hackers exploiting a…
