Tag: Palo Alto Networks

Attackers Target Public .env Files to Compromise Cloud Accounts in Extortion Scheme

A significant extortion campaign has emerged, targeting various organizations by exploiting publicly accessible environment variable files (commonly ending in .env) that contain sensitive credentials for cloud and social media applications. This alarming trend underscores the vulnerabilities in data security practices across industries. According to a report by Palo Alto Networks’…


Critical OpenSSH Vulnerability Could Enable Root RCE on Linux Systems

OpenSSH Vulnerability Exposes Critical Risk to Linux Systems

In a significant development for cybersecurity, the maintainers of OpenSSH have issued urgent security updates addressing a severe vulnerability that may allow unauthenticated remote code execution with root-level access on glibc-based Linux systems. This vulnerability, designated CVE-2024-6387 and dubbed "regreSSHion," resides within…


New Mispadu Banking Trojan Takes Advantage of Windows SmartScreen Vulnerability

The Mispadu banking Trojan has been identified as leveraging a recently patched vulnerability in Windows SmartScreen to target users in Mexico. This malware, which first appeared in 2019, has evolved into a new variant that cybercriminals are utilizing to gain unlawful access to sensitive information. According to a report from…


Palo Alto Networks Addresses Critical Vulnerability in Expedition Migration Tool

Palo Alto Networks has issued critical security updates in response to five vulnerabilities affecting its products, including a significant flaw that poses an authentication bypass risk. This vulnerability, identified as CVE-2024-5910, has been assigned a high CVSS score of 9.3 and pertains to a missing authentication issue in the Expedition…


Zero-Day Alert: Critical Vulnerability in Palo Alto Networks PAN-OS is Under Active Exploitation

Palo Alto Networks has issued an urgent warning regarding a critical vulnerability affecting its PAN-OS software utilized in GlobalProtect gateways, noting that this flaw is currently being actively exploited in the wild. Designated as CVE-2024-3400, this vulnerability carries a maximum CVSS score of 10.0, underscoring its potential severity and urgency…


Palo Alto Networks Issues Critical Patches for Exploited PAN-OS Vulnerability

Palo Alto Networks has issued urgent hotfixes in response to a critical security vulnerability affecting its PAN-OS software that is currently being exploited in live environments. This vulnerability, identified as CVE-2024-3400, has received the highest severity rating with a CVSS score of 10.0. It involves a command injection flaw within…


State-Sponsored Hackers Leverage Two Cisco Zero-Day Vulnerabilities for Espionage Activities

A recent malware campaign has targeted Cisco networking equipment, exploiting two previously unknown vulnerabilities identified as zero-day flaws to deliver customized malware and conduct covert data collection in targeted environments. Cisco Talos, naming this operation “ArcaneDoor,” has attributed the attacks to UAT4356, an advanced state-sponsored group also known as Storm-1849…


Serious Docker Engine Vulnerability Enables Attackers to Circumvent Authorization Plugins

Docker Warns of Critical Flaw in Docker Engine

Docker has issued an urgent alert regarding a significant vulnerability affecting various versions of the Docker Engine. This flaw could allow attackers to bypass authorization plugins (AuthZ) under certain conditions, posing a serious security risk for users. Labeled as CVE-2024-41110, this bypass…
