-
Four-Faith industrial cellular routers are being actively targeted in a growing botnet campaign exploiting a critical authentication bypass flaw tracked as CVE-2024-9643. Security researchers warn that attackers are rapidly weaponizing the vulnerabilit…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
PostgreSQL has released critical security updates addressing multiple high-impact vulnerabilities that could allow remote code execution (RCE), SQL injection, and denial-of-service (DoS) attacks across widely deployed database environments. The Postgre…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data. A highly sophisticated cyberattack campaign carried out by a threat actor tracked as Storm-2949, targeting Microsoft Entra ID accounts to steal sensitive data from Mi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale CountLoader campaign that uses layered obfuscation, multi-stage payload delivery, and covert command-and-control (C2) communication to deploy cryptocurrency clipper malware. The campaign stands out for its complex infection chain, combini…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A widely used GitHub Action, actions-cool/issues-helper, has been compromised in a supply chain attack that exposes sensitive CI/CD secrets to an attacker-controlled domain. The attack hinges on a subtle but powerful manipulation of Git tags. Instead o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an active and rapidly evolving campaign linked to the Mini Shai-Hulud malware family. The attack centers o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant security lapse involving the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has come to light after a contractor reportedly exposed highly sensitive AWS GovCloud credentials in a public GitHub repository. The incident, discl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has announced it will retire the “Together mode” feature in Microsoft Teams, marking a shift toward simplified meeting layouts designed to improve performance, usability, and consistency across devices. The change, confirmed by Microsoft Prod…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple critical vulnerabilities in the SEPPmail Secure E-Mail Gateway are putting thousands of organizations at risk of remote code execution (RCE) and the interception of sensitive email. The flaws, tracked under several CVEs, impact widely deployed…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new AI model from Anthropic is changing how security teams find and prove software vulnerabilities. It is raising hard questions about what happens when the same technology falls into the wrong hands. Cloudflare has published findings from its partic…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
