Category vulnerabilities

DarkGate Malware Targets Recently Patched Microsoft Vulnerability in Zero-Day Attack

A recently identified malware campaign, dubbed DarkGate, has raised alarms in the cybersecurity community. It exploits a now-patched security vulnerability in Microsoft Windows, known as CVE-2024-21412, which was used as a zero-day attack vector through fraudulent software installers. This incident was first observed in mid-January 2024, wherein attackers deceived users…

Read MoreDarkGate Malware Targets Recently Patched Microsoft Vulnerability in Zero-Day Attack

Researchers Uncover Kubernetes Vulnerability Allowing Windows Node Takeover

A significant vulnerability recently disclosed in Kubernetes has raised alarms due to its potential for enabling remote code execution with elevated privileges. This vulnerability, labeled as CVE-2023-5528, affects all kubelet versions from 1.8.0 onwards and has been assigned a CVSS score of 7.2, indicating its severity. According to Akamai security…

Read MoreResearchers Uncover Kubernetes Vulnerability Allowing Windows Node Takeover

Malicious Ads Target Chinese Users with Counterfeit Notepad++ and VNote Installers

Cybersecurity Warning: Malicious Ads Target Chinese Users of Notepad++ and VNote Recent reports indicate a concerning trend wherein Chinese users searching for legitimate software such as Notepad++ and VNote are being targeted by malicious advertisements. These ads lead to fraudulent links that distribute trojanized versions of the software, culminating in…

Read MoreMalicious Ads Target Chinese Users with Counterfeit Notepad++ and VNote Installers

Urgent Notice: WordPress Admins Advised to Uninstall miniOrange Plugins Due to Serious Vulnerability

In a significant development for WordPress users, a critical security vulnerability has been identified in miniOrange’s Malware Scanner and Web Application Firewall plugins, prompting an urgent recommendation for website owners to uninstall these tools. The detected flaw, designated as CVE-2024-2172, scores a staggering 9.8 on the CVSS scale, representing a…

Read MoreUrgent Notice: WordPress Admins Advised to Uninstall miniOrange Plugins Due to Serious Vulnerability

Fortra Addresses Critical RCE Vulnerability in FileCatalyst Transfer Tool

Critical Security Flaw Discovered in Fortra FileCatalyst Exposes Servers to Remote Code Execution Fortra has disclosed a significant security vulnerability affecting its FileCatalyst file transfer solution, which could enable unauthenticated attackers to execute malicious code on vulnerable servers. This vulnerability, assigned the identifier CVE-2024-25153, has received a high severity rating…

Read MoreFortra Addresses Critical RCE Vulnerability in FileCatalyst Transfer Tool

APIs Fuel Most Internet Traffic—And Cybercriminals are Exploiting This Vulnerability

Application Programming Interfaces (APIs) serve a crucial role in digital transformation by facilitating data exchange between applications and databases. According to the recent State of API Security in 2024 Report published by Imperva, a Thales company, API calls accounted for a staggering 71% of internet traffic in 2023. Enterprises witnessed…

Read MoreAPIs Fuel Most Internet Traffic—And Cybercriminals are Exploiting This Vulnerability

Atlassian Addresses Over 24 Vulnerabilities, Highlighting Critical Bug in Bamboo

Atlassian Issues Critical Patches for Vulnerability in Bamboo Data Center and Server Atlassian has announced the release of security patches addressing over two dozen vulnerabilities, with a significant focus on a critical flaw affecting its Bamboo Data Center and Server products. This vulnerability, tracked as CVE-2024-1597, has been assigned a…

Read MoreAtlassian Addresses Over 24 Vulnerabilities, Highlighting Critical Bug in Bamboo

Ivanti Issues Emergency Patch for Critical Sentry RCE Vulnerability

Ivanti has recently revealed a critical remote code execution vulnerability affecting its Standalone Sentry product, emphasizing the urgency for clients to implement the necessary patches to mitigate potential cybersecurity threats. This vulnerability, identified as CVE-2023-41724, has been scored with a CVSS rating of 9.6, indicating its severity. The flaw allows…

Read MoreIvanti Issues Emergency Patch for Critical Sentry RCE Vulnerability