On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing indications of ongoing exploitation, added a previously disclosed significant vulnerability affecting Atlassian’s Bitbucket…
Latest posts
Data Breach
Optus discloses the scope of the data breach but refuses to say how it occurred.
The 9.8 million subscribers affected by the data breach have 1.2 million valid forms of identity. According to the Singtel-owned Australian operator, who also…
RCE vulnerability
The Spring Cloud-enabled Nepxion Discovery software does not fix RCE and information leak issues.
Chinese project maintainer appears to have closed the public issue without offering a patch. Nepxion Discovery Software, an open-source project that offers functionality for…
Vulnerabilities
There are two fresh zero-days for Exchange Server
As it looks at (yep, more) reported vulnerabilities in Microsoft Exchange Server that affect the software’s 2013, 2016, and 2019 editions, Microsoft has released…
Malware
Findings of New Malware Families Aimed at VMware ESXi Hypervisors
VMware’s virtualization software has been revealed to be used by threat actors to implant never-before-seen post-compromise implants. The implants allow them to take control…
Vulnerabilities
SolarMarker Attack Uses Vulnerable WordPress Sites and False Chrome Updates
As part of a novel strategy in its watering-hole attacks, the SolarMarker attack organization is encouraging victims to download phoney Chrome browser updates by…
Vulnerabilities
A new 0-day RCE vulnerability on Microsoft Exchange Server was used in a new attack campaign.
While providing security monitoring and incident response services around the beginning of August 2022, the GTSC SOC team learned that a vital infrastructure was…
Data Breach
Data from 16 million Swachhata Platform users are exposed due to a breach.
User names, emails, passwords, mobile numbers, OTP-related information, and login IPs. And hacked unique user tokens are among the Swachhata City data. On Friday,…
Malware
Hackers from Brazil’s Prilex Group Resurface with Advanced Point-of-Sale Malware
After a year-long operational sabbatical, the Brazilian threat actor Prilex has returned with sophisticated and intricate Point-of-Sale Malware to steal money through fraudulent transactions.…
Data Breach
Optus data breach “attacker” says sorry, it was a mistake
On September 22, 2022, Australian telecoms firm Optus revealed Optus Data Breach a security issue. Since then, a lot has transpired. The majority of…