Hackers bombard PyPi platform with information-stealing malware
The malware dropped in this campaign is a clone of the open-source W4SP Stealer, responsible for a previous widespread malware infection on PyPI in November 2022
Read More...
Microsoft-signed malicious Windows drivers used in ransomware attacks
Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents
Read More...
Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws
Six of the 49 vulnerabilities fixed with this update are classified as 'Critical' as they allow remote code execution, one of the most severe vulnerabilities
Read More...
New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products
Apple rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browsers to address a new zero-day vulnerability that results in remote code execution
Read More...
New Python malware backdoors VMware ESXi servers for remote access
A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system
Read More...
Hackers exploit critical Citrix ADC and Gateway zero-day
This new vulnerability allows an unauthenticated attacker to execute commands remotely on vulnerable devices and take control of them
Read More...
Google Chrome Flaw Added to CISA Patch List
Google has already released a fixed version of Chrome browser for Windows, Mac, and Linux users. CISA has given government agencies until Dec. 26 to get a patch
Read More...
Experts created a technique to bypass web application firewalls (WAF) of several major vendors
Researchers have verified that the bypass attack technique has worked against firewalls from multiple vendors, including Cloudflare, F5, Imperva, and Palo Alto Networks
Read More...
Cisco discloses high-severity IP phone bug with exploit code
Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks
Read More...
Automated dark web markets sell corporate email accounts for $2
Security researchers who followed this trend have reported at least 225,000 email accounts for sale on underground markets
Read More...