Recent cybersecurity intelligence has revealed that the infamous Lazarus Group has exploited a newly patched privilege escalation vulnerability in the Windows Kernel as a zero-day attack. This exploit allows the adversaries to gain kernel-level access, enabling them to disable crucial security software on affected systems. The vulnerability, identified as CVE-2024-21338…
Recent investigations have revealed the presence of up to 100 malicious artificial intelligence and machine learning models hosted on the Hugging Face platform. These models pose significant risks, as they can execute unauthorized code through the loading of specific pickle files, according to software supply chain security firm JFrog. Senior…
Recently, JetBrains disclosed critical security vulnerabilities in its TeamCity On-Premises software that pose serious risks to users. These vulnerabilities, identified as CVE-2024-27198 with a CVSS score of 9.8, and CVE-2024-27199 with a score of 7.3, were resolved in version 2023.11.4, which affects all TeamCity versions up to 2023.11.3. The vulnerabilities…
Apple Releases Critical Security Updates to Address Exploited Vulnerabilities Apple has issued new security updates aimed at mitigating significant flaws in its operating systems, including vulnerabilities that have reportedly been exploited in the wild. The updates come in response to the discovery of two critical memory corruption issues affecting the…
VMware Addresses Critical Security Vulnerabilities VMware has issued urgent patches to remediate four notable security vulnerabilities affecting its ESXi, Workstation, and Fusion products. Among these, two critical vulnerabilities could potentially enable attackers to execute arbitrary code on affected systems. These vulnerabilities, identified as CVE-2024-22252 and CVE-2024-22253, pertain specifically to use-after-free…
Recent reports indicate a wave of attacks targeting Facebook users through malicious messaging tactics. Threat actors are utilizing a Python-based information stealer identified as Snake, which is specifically engineered to capture user credentials and sensitive information. According to Cybereason researcher Kotaro Ogino, the stolen credentials are sent to various platforms,…
Recent Threats Targeting WordPress Sites via Distributed Brute-Force Attacks Recent findings from cybersecurity firm Sucuri have unveiled a significant threat facing WordPress website owners. A new wave of brute-force attacks has emerged, employing malicious JavaScript injections that exploit unknowing visitors’ browsers. The research indicates that these attacks constitute distributed brute-force…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently highlighted a significant security vulnerability affecting JetBrains TeamCity On-Premises software, categorizing it as a known exploited vulnerability in its catalog. This classification is based on concrete evidence of active exploitation in the wild. The identified flaw, designated CVE-2024-27198, has a…
Cisco Addresses Critical Security Flaw in Secure Client Software Cisco has recently issued patches to rectify a significant vulnerability in its Secure Client software, which poses a considerable risk of exploitation by malicious actors. This flaw allows intruders to initiate a VPN session impersonating a targeted user, potentially compromising sensitive…
