Pierluigi Paganini
August 21, 2024
Researchers have disclosed a critical security vulnerability in Microsoft’s Copilot Studio that could lead to the exposure of sensitive information. Researchers disclosed a critical security vulnerability, tracked as CVE-2024-38206 (CVSS score: 8.5), impacting Microsoft’s Copilot Studio. An attacker can exploit the vulnerability to access sensitive information. The flaw is an information disclosure vulnerability resulting from […]
Pierluigi Paganini
August 20, 2024
Experts spotted a previously undetected backdoor, dubbed Msupedge, that was employed in an attack against a university in Taiwan. Broadcom Symantec researchers discovered a previously undetected backdoor, called Msupedge, that was employed in an attack targeting an unnamed university in Taiwan. The most notable feature of the backdoor is that it relies on DNS tunnelling […]
Pierluigi Paganini
August 20, 2024
Researchers discovered thousands of Oracle NetSuite e-stores that are vulnerable to data leak, sensitive customer information is at risk. Cybersecurity researchers from AppOmni warn of a potential issue in Oracle NetSuite SuiteCommerce platform could allow attackers to access customer sensitive data. NetSuite is a widely used SaaS Enterprise Resource Planning (ERP) platform, valued for its […]
Pierluigi Paganini
August 19, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability, tracked as CVE-2024-23897 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. In January 2024, researchers […]
Pierluigi Paganini
August 19, 2024
New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks. The group was also spotted running a fake Microsoft Windows update […]
Pierluigi Paganini
August 18, 2024
Boffins demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks using ‘MasterPrints, ‘which are fingerprints that can match multiple other prints. A team of researchers from US universities demonstrated how to deceive fingerprint recognition systems through dictionary attacks using ‘MasterPrints,’ which are fingerprints that can match multiple other prints. The experts introduced DeepMasterPrints, which […]
Pierluigi Paganini
August 18, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Large-scale extortion campaign targets publicly accessible environment variable files (.env) OpenAI dismantled an Iranian influence operation targeting the […]
Pierluigi Paganini
August 16, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk deserialization of untrusted data vulnerability, tracked as CVE-2024-28986 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. This week SolarWinds fixed the […]
Pierluigi Paganini
August 16, 2024
Russian cybercriminals are advertising a new macOS malware called Banshee Stealer with a monthly subscription price of $3,000. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claim it can steal a broad range of data from compromised systems, including browser […]
Pierluigi Paganini
August 16, 2024
Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them. Researchers form mobile security firm iVerify reported that the issue stems from a pre-installed […]
Uncategorized / January 15, 2026
