Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to Read more…
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems Read more…
QEMU Emulator Exploited as Tunneling Tool to Breach Company Network Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed “large company” to connect to their infrastructure. While a number of Read more…
Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with Read more…
Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect Read more…
Secrets Sensei: Conquering Secrets Management Challenges In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We’re all familiar with the routine: safeguarding those Read more…
CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The Read more…
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below – CVE-2024-23225 – Read more…
New Python-Based Snake Info Stealer Spreading Through Facebook Messages Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that’s designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are Read more…
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end of the attacks is to Read more…