Security News

Palo Alto firewalls under attack as miscreants chain flaws for root access
2025-02-19 00:15

If you want to avoid urgent patches, stop exposing management consoles to the public internet A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two...

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks
2025-02-18 17:07

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. [...]

Cybercriminals shift focus to social media as attacks reach historic highs
2025-02-18 16:00

A new report from Gen highlights a sharp rise in online threats, capping off a record-breaking 2024. Between October and December alone, 2.55 billion cyber threats were blocked – an astonishing...

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
2025-02-18 15:34

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a...

Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks
2025-02-18 15:09

The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use...

Lee Enterprises newspaper disruptions caused by ransomware attack
2025-02-18 12:35

Newspaper publishing giant Lee Enterprises has confirmed that a ransomware attack is behind ongoing disruptions impacting the group's operations for over two weeks. [...]

Microsoft: Hackers steal emails in device code phishing attacks
2025-02-15 15:22

An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. [...]

SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN
2025-02-14 22:53

Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall...

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
2025-02-14 18:42

Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code...

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
2025-02-14 18:28

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The...