Category vulnerabilities

Zero-Day Alert: Active Exploitation of New Vulnerability in Google Chrome

Google has released critical security updates addressing seven vulnerabilities in its Chrome browser, one of which is a high-severity zero-day being actively exploited in the wild. This vulnerability, identified as CVE-2023-6345, is classified as an integer overflow flaw within Skia, an open-source 2D graphics library frequently utilized in web…

GoTitan Botnet Discovered Targeting Recent Apache ActiveMQ Vulnerability

A critical security vulnerability affecting Apache ActiveMQ has recently been revealed, with threat actors actively exploiting it to deploy a new Go-based botnet named GoTitan alongside a remote access tool called PrCtrl Rat. This latter program facilitates remote control of compromised systems. The assaults are centered around a remote code…

CACTUS Ransomware Targets Qlik Sense Vulnerabilities in Focused Attacks

Recent CACTUS Ransomware Campaign Targets Qlik Sense Vulnerabilities

A new ransomware campaign, identified as CACTUS, has been leveraging recently revealed security vulnerabilities within Qlik Sense, a cloud analytics and business intelligence platform. This operation has sparked significant concern among cybersecurity experts, marking the first known use of these vulnerabilities by…

New MIPS Variant of P2PInfect Botnet Targeting Routers and IoT Devices

Recent reports from cybersecurity experts have indicated the emergence of a sophisticated variant of the P2PInfect botnet, which has shown the ability to target both routers and Internet of Things (IoT) devices. This new iteration has been identified by Cado Security Labs as specifically tailored for Microprocessor without Interlocked Pipelined…

Microsoft Alerts on APT28, Backed by Kremlin, Exploiting Major Outlook Vulnerability

Microsoft recently announced the detection of nation-state activities tied to the Kremlin, exploiting a critical security vulnerability in the Outlook email service that has since been patched. This issue allowed unauthorized access to user accounts hosted on Microsoft Exchange servers, raising alarming security concerns for organizations relying on this platform.…

15,000 GitHub Go Module Repositories at Risk of Repojacking Attacks

GitHub Vulnerability Exposes Over 15,000 Go Repositories to Repojacking Attacks

Recent research has unveiled that more than 15,000 Go module repositories on GitHub are at risk of repojacking attacks, a significant cybersecurity concern. Jacob Baines, Chief Technology Officer at VulnCheck, reported that over 9,000 of these vulnerabilities stem from changes…

Qualcomm Unveils Information on Chip Vulnerabilities Targeted in Specific Attacks

Qualcomm Issues Security Advisory for High-Severity Flaws

In recent developments, chipmaker Qualcomm has disclosed significant information regarding three critical security vulnerabilities that were reportedly exploited in targeted attacks as of October 2023. The company emphasized that these flaws were subjected to “limited, targeted exploitation,” raising alarms about their implications for…

Hackers Target Federal Agency Servers by Exploiting ColdFusion Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a high-severity vulnerability in Adobe ColdFusion, identified as CVE-2023-26360. Unidentified cyber actors are reportedly leveraging this flaw to gain unauthorized access to government servers. This vulnerability is categorized as an improper access control…

New Stealthy ‘Krasue’ Linux Trojan Aiming at Telecom Companies in Thailand

The cybersecurity landscape has been shaken by the emergence of a new Linux remote access trojan (RAT) named Krasue. This malware has been identified as targeting telecommunications companies in Thailand since at least 2021, providing threat actors with covert access to victim networks. Group-IB, a cybersecurity firm, has released findings…
