International law enforcement agencies have successfully dismantled a notorious cybercrime platform, LabHost, which helped criminals conduct phishing attacks to steal sensitive information such as passwords, addresses, and card details from unsuspecting victims worldwide. This collaborative effort underscores the increasing global commitment …
Oracle has released its Critical Patch Update (CPU) for April 2024, addressing 372 vulnerabilities across multiple products. The Critical Patch Update provides fixes for security flaws in widely-used Oracle products including Database Server, Fusion Middleware, Enterprise Manager, E-Business Suite, Supply …
A severe vulnerability has been discovered in the PuTTY client and related components, allowing attackers to fully recover NIST P-521 private keys. The PuTTY client generates heavily biased ECDSA nonces when using the NIST P-521 elliptic curve, causing the vulnerability …
The automotive industry is experiencing a surge in BEC and VEC attacks, a type of email scam designed to trick employees into transferring money or revealing sensitive information. A recent incident where a fraudster stole $37 million from Toyota Boshoku …
Ukrainian hackers have successfully infiltrated and disabled a vast network of industrial sensors and monitoring infrastructure in Russia, leading to a significant shutdown of sewage systems, among other utilities. The group, known as BlackJack, executed the attack on the 9th of April, …
The Node.js project disclosed a high-severity vulnerability affecting multiple active release lines of its software on Windows platforms. This flaw, identified as CVE-2024-27980, allows attackers to execute arbitrary commands on affected systems, posing a serious risk to applications and services built …
A sophisticated malvertising campaign is targeting system administrators across North America. The attackers are using fake ads for popular system utilities to distribute a dangerous strain of malware known as Nitrogen. Step 1: Luring Victims with Malicious Ads The campaign exploits the trust users place in search engine advertisements. By displaying sponsored search results for …
Over a million WordPress websites have been at risk due to a critical SQL Injection vulnerability discovered in the popular LayerSlider plugin. The flaw, CVE-2024-2879, could allow unauthenticated attackers to extract sensitive data, including password hashes, from websites’ databases. CVE-2024-2879: A Critical …
Apache released updates to address several vulnerabilities impacting the Apache HTTP server that let attackers launch HTTP/2 DoS attacks and insert malicious headers. Server operations are being adversely affected by these vulnerabilities, which are proving to be a serious danger. A …
Hospitals across the nation are on high alert as sophisticated cybercriminals use advanced social engineering tactics to target IT help desks. The Health Sector Cybersecurity Coordination Center (HC3) has issued a Sector Alert detailing the latest threat to the healthcare industry. The HC3’s …