Security News

Hackers exploit Aiohttp bug to find vulnerable networks
2024-03-16 14:17

The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. On January 28, 2024, aiohttp released version 3.9.2, addressing CVE-2024-23334, a high-severity path traversal flaw impacting all versions of aiohttp from 3.9.1 and older that allows unauthenticated remote attackers to access files on vulnerable servers.

Hackers exploit Windows SmartScreen flaw to drop DarkGate malware
2024-03-13 21:26

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. The flaw tracked as CVE-2024-21412 is a Windows Defender SmartScreen flaw that allows specially crafted downloaded files to bypass these security warnings.

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
2024-03-12 09:15

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected...

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability
2024-03-11 06:28

Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and...

Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT
2024-03-11 05:59

A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing...

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware
2024-03-10 15:38

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. Sucuri says the exact actions of the code may vary, but the primary purpose of the injections appears to be redirecting visitors of infected sites to malicious destinations such as phishing pages and malware-dropping sites.

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining
2024-03-06 16:58

Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to...

Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
2024-03-05 16:18

North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with...

Exploit available for new critical TeamCity auth bypass bug, patch now
2024-03-04 22:42

A critical vulnerability in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. "Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack" - Rapid7.

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
2024-02-29 08:17

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The...