QBot malware abuses Windows WordPad EXE to infect devices
Once the DLL is loaded, the malware uses C:\Windows\system32\curl.exe to download a DLL camouflaged as a PNG file from a remote host
Read More...
CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog
The three issues reside in the WebKit browser engine and are tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373
Read More...
PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted
The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond in a timely fashion
Read More...
Barracuda warns of email gateways breached via zero-day flaw
The company advises organizations to review their environments to confirm the threat actors did not spread to other devices on the network
Read More...
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer
Researchers identified an ongoing BatLoader campaign relying on Google Search Ads to deliver rogue web pages for ChatGPT and Midjourney
Read More...
Cisco warns of critical switch bugs with public exploit code
All four security flaws received almost maximum severity ratings with CVSS base scores of 9.8/10
Read More...
Apple fixes three new zero-days exploited to hack iPhones, Macs
The security bugs were all found in the multi-platform WebKit browser engine and are tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373
Read More...
Malicious Microsoft VSCode extensions steal passwords, open remote shells
The cases discovered demonstrate that threat actors are now actively attempting to infect Windows developers with malicious submissions
Read More...
Parental control app with 5 million downloads vulnerable to attacks
Impacted by multiple vulnerabilities that could enable attackers to upload arbitrary files on protected devices, steal user credentials, and allow children to bypass restrictions without the parents noticing
Read More...
Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks
The gang has been observed gaining access to victim networks via remote desktop protocol (RDP) credentials that were likely acquired from initial access brokers or via phishing attacks
Read More...