Fake Cisco Webex Google Ads abuse tracking templates to push malware
The threat actors can exploit a loophole in the Google Ad platform's tracking template that allows them to redirect at will while complying with Google's policy
Read More...
Free Download Manager site redirected Linux users to malware for years
The malware used in this campaign establishes a reverse shell to a C2 server and installs a Bash stealer that collects user data and account credentials
Read More...
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild – Update Now
CVE-2023-41064 relates to a buffer overflow issue in the Image I/O component that could lead to arbitrary code execution when processing a maliciously crafted image
Read More...
Cisco warns of VPN zero-day exploited by ransomware gangs
The medium severity zero-day allows unauthorized remote attackers to conduct brute force attacks against existing accounts
Read More...
CISA warns of critical Apache RocketMQ bug exploited in attacks
Multiple threat actors are possibly exploiting the vulnerability at the moment to install various payloads on impacted systems
Read More...
Apple zero-click iMessage exploit used to infect iPhones with spyware
The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim
Read More...
US govt email servers hacked in Barracuda zero-day attacks
The FBI continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit
Read More...
Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security
Pulling off the attack requires administrative permissions to communicate with the wcifs driver and it cannot be used to override files on the host system
Read More...
FBI warns of patched Barracuda ESG appliances still being hacked
Tracked as CVE-2023-2868, the vulnerability was first exploited in October 2022 to backdoor ESG appliances and steal data from the compromised systems
Read More...
Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software
If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal
Read More...