Security News

Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. [...]

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a...

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect...

Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on hacking forums to to spy on cybercriminals. [...]

A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family...

A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them...

Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector...

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]

The Russian state-backed hacking group Gamaredon (aka "Shuckworm") has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. [...]

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management...