A recent report has highlighted a newly identified variant of DLL (Dynamic Link Library) search order hijacking, a sophisticated technique that cybercriminals may exploit to bypass security measures and execute malicious code on systems utilizing Microsoft Windows 10 and Windows 11. This particular method has drawn concern due to its…
A recent security report reveals that information-stealing malware is exploiting a previously undocumented Google OAuth endpoint known as MultiLogin. This vulnerability allows cybercriminals to hijack user sessions, granting them continuous access to Google services even after victims have conducted password resets. This revelation has raised significant concerns regarding user privacy…
Ivanti has disclosed critical security vulnerabilities within its Endpoint Manager (EPM) solution that pose severe risks to affected systems. This vulnerability, identified as CVE-2023-39336, has received a high-risk CVSS score of 9.6 out of 10, indicating its potential for abuse. The flaw affects both the EPM 2021 and EPM 2022…
Recent findings from cybersecurity researchers have unveiled a sophisticated macOS backdoor known as SpectralBlur, believed to be linked to a malware family associated with North Korean threat actors. This malware serves as a significant indicator of evolving tactics employed against macOS systems, particularly as these operate in sectors deemed high-value…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included six new security vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, citing clear indications of ongoing exploitation. This move emphasizes the necessity for organizations to remain vigilant and proactive in their cybersecurity measures. Among the newly flagged vulnerabilities is…
In a significant update released for January 2024, Microsoft has patched a total of 48 security vulnerabilities across its software ecosystem. This month’s Patch Tuesday includes two flaws classified as Critical and 46 as Important. Notably, there are no indications that any of these vulnerabilities are being actively exploited or…
Cisco Addresses Critical Vulnerability in Unity Connection Software Cisco has announced the availability of software updates in response to a significant security vulnerability affecting its Unity Connection platform. This vulnerability, identified as CVE-2024-20272, has been assigned a CVSS score of 7.3, indicating a critical level of risk. The issue stems…
Recent developments in cybersecurity reveal a critical vulnerability affecting the Apache OfBiz open-source Enterprise Resource Planning (ERP) system. Researchers at VulnCheck have successfully created proof-of-concept (PoC) code exploiting the flaw, identified as CVE-2023-51467. This vulnerability, which carries a CVSS score of 9.8, allows attackers to execute a memory-resident payload, potentially…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially included a critical vulnerability affecting Microsoft SharePoint Server in its Known Exploited Vulnerabilities (KEV) catalog, highlighting evidence of active exploitation within various environments. This vulnerability, identified as CVE-2023-29357, has garnered a significant CVSS score of 9.8, indicating its severity and…
