The US Cybersecurity and Infrastructure Security Agency (CISA) has included seven new vulnerabilities to its list of actively exploited security concerns, including Microsoft, Linux, and Jenkins vulnerabilities. The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities that have been…
Attackers are planting RedLine Stealer trojan using an exploit kit. The attackers are taking advantage of an Internet Explorer flaw which was fixed by Microsoft last year. “When executed, RedLine Stealer performs recon against the target system (including username, hardware,…
Cybersecurity authorities around the world have released a list of the top 15 vulnerabilities regularly exploited by threat actors in 2021, in collaboration with the NSA and the FBI. In a joint alert, the cybersecurity authorities recommended enterprises to patch…
Academic grades were at danger due to a SQL injection (SQLi) vulnerability in an open-source platform established by Greek universities to manage student data. According to a blog post published by security researcher Stavros Mekesis, miscreants exploiting the weakness in…
Researchers have found a new infostealer on cybercrime forums having innumerable features. It can not only pilfer victims’ data but also execute financial thefts using clippers and keylogging. Researchers from Cyble have tracked Prynt Stealer in the wild and analysed…
Security researchers have revealed a security issue that could enable attackers to exploit the VirusTotal platform for remote code execution (RCE) on unpatched third-party sandboxing machines employed by antivirus engines. The vulnerability, now fixed, allowed to “execute commands remotely within…
The U.S. Federal Bureau of Investigation (FBI) has warned the public of the BlackCat ransomware-as-a-service (RaaS). The ransomware has affected 60 entities globally as of March 2022 (Emerged in November 2021). The ransomware, also known as ALPHV and Noberus, is…
LemonDuck, a cross-platform cryptocurrency mining botnet, is attacking Docker to steal cryptocurrency on Linux systems. The attacks form part of a bigger malware campaign. “It runs an anonymous mining operation by the use of proxy pools, which hide the wallet…
A year after potential candidates looking for work on LinkedIn were tempted with weaponized job offers, a new series of phishing assaults carrying the more eggs malware has been detected attacking corporate hiring supervisors with false resumes as an infection…
A critical flaw in the Java JDK’s handling of some encryption procedures makes it simple for attackers to create fake credentials. Oracle resolved the cryptographic flaw, which affects Java JDK versions 15 and later, with a patch distributed as part…
