Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. “The NonEuclid remote access trojan (RAT), developed in C#, is a highly sophisticated malware offering unauthorised Read more…
Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. “The Illumina iSeq 100 used a very outdated Read more…
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of Read more…
Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named Read more…
Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 Read more…
Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different Read more…
Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim’s account by means of a prompt injection attack. Security researcher Read more…
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection Read more…
Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until Read more…
Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users’ private keys with an aim to drain their cryptocurrency wallets. The attack has been detected Read more…