Blog

Unsaflok, in Dormakaba’s Saflok electronic RFID locks used in hotels and multi-family housing, allows attackers to forge a master keycard by exploiting weaknesses in the system and then using it to unlock any door within the affected property. The vulnerability …

The Mobile Security Framework (MobSF), a widely used pen-testing, malware analysis, and security assessment framework, has been found to contain a critical input validation flaw that could lead to server-side request forgery (SSRF) attacks. The vulnerability, tracked as CVE-2024-29190, affects MobSF …

As tax season rolls around, a period marked by the rush to meet filing deadlines and ensure compliance with tax laws, cybercriminals are ramping up their efforts to exploit this busy time. Leveraging sophisticated social engineering tactics, these threat actors launch targeted …

Researchers from Perception Point identified a new malware campaign, PhantomBlu, targeting US organizations that use novel techniques to deploy NetSupport RAT, a remote access trojan, by exploiting legitimate features of Microsoft Office document templates via OLE manipulation. It allows the …

Threat actors use SVG files in cyber-attacks because SVGs (Scalable Vector Graphic files) can contain embedded scripts, making them a vector for executing malicious code. Not only that even the SVG files can also bypass certain security measures as well …

To analyze a security vulnerability (CVE-2024-21413) in Outlook, a controlled environment can be set up using a virtual machine (ANY.RUN) within a local virtual private network (VPN). Researchers can learn more about the exploit by making a proof-of-concept (PoC) and …

A new malware campaign has been identified targeting Android users in India. This sophisticated attack distributes malicious APK packages to compromise personal and financial information. The malware, available as a Malware-as-a-Service (MaaS) offering, underscores the evolving threat landscape in the digital age. …

Race conditions arise when there is no insufficient synchronization with a shared resource allowing multiple threads to access it simultaneously. The use of synchronization primitives such as mutexes, spinlock, etc. prevents these race conditions, However, researchers have discovered a new …

Researchers discovered multiple vulnerabilities in Google’s Gemini Large Language Model (LLM) family, including Gemini Pro and Ultra, that allow attackers to manipulate the model’s response through prompt injection. This could potentially lead to the generation of misleading information, unauthorized access to confidential …

Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes. The tech giant recently discovered unauthorized access attempts that were made using information obtained from a previous …