Security News

Filter by:

SolarWinds Web Help Desk flaw is now exploited in attacks

CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. [...]
Bleepingcomputer 17 Oct 2024 1738 Views

WhatsApp may expose the OS you use to run it – which could expose you to crooks

Meta knows messaging service creates persistent user IDs that have different qualities on each device Updated  An analysis of Meta's WhatsApp messaging software reveals that it may expose which operating system a user is running, and their device setup information – including the number of linked...
The Register 17 Oct 2024 7064 Views

EDRSilencer red team tool used in attacks to bypass security

A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles. [...]
Bleepingcomputer 16 Oct 2024 1880 Views

Jetpack fixes critical information disclosure flaw existing since 2016

WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. [...]
Bleepingcomputer 15 Oct 2024 2056 Views

Google warns uBlock Origin and other extensions may be disabled soon

Google's Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the company's deprecation of the Manifest V2 extension specification. [...]
Bleepingcomputer 14 Oct 2024 1648 Views

Iranian hackers now exploit Windows flaw to elevate privileges

The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. [...]
Bleepingcomputer 13 Oct 2024 1485 Views

OpenAI confirms threat actors use ChatGPT to write malware

OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. [...]
Bleepingcomputer 12 Oct 2024 1357 Views

New Mamba 2FA bypass service targets Microsoft 365 accounts

An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages.
Bleeping Computer 9 Oct 2024 1784 Views

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.
The Hacker News 9 Oct 2024 1702 Views

Big brands among thousands infected by payment-card-stealing CosmicSting crooks

Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Updated  Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of...
The Register 5 Oct 2024 7304 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY