Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data. On July 31, 2023, Phylum researchers observed the publication of ten different “test” packages on the npm package manager that were developed to exfiltrate sensitive developer source code and other confidential information. All of these packages […]
Threat actors rely on the ‘versioning’ technique to evade malware detections of malicious code uploaded to the Google Play Store. Google Cybersecurity Action Team (GCAT) revealed that threat actors are using a technique called versioning to evade malware detection implemented to detect malicious code uploaded to the Google Play Store. The technique is not new […]
CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022. CISA, the NSA, and the FBI, in collaboration with cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, have published a list of the 12 most exploited vulnerabilities of 2022. The […]
Experts warn that decommissioned medical infusion pumps sold via the secondary market could expose Wi-Fi configuration settings. The sale of decommissioned medical infusion pumps through the secondary market may lead to the potential exposure of Wi-Fi configuration settings. The researchers discovered that most of the medical infusion pumps that were purchased from secondary market services […]
The OWASP Top 10 for LLM (Large Language Model) Applications version 1.0 is out, it focuses on the potential security risks when using LLMs. OWASP released the OWASP Top 10 for LLM (Large Language Model) Applications project, which provides a list of the top 10 most critical vulnerabilities impacting LLM applications. The project aims to educate […]
Researchers discovered a bypass for a recently fixed actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). Rapid7 cybersecurity researchers have discovered a bypass for the recently patched actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). The new vulnerability, tracked as CVE-2023-35082 (CVSS score: 10.0), can be exploited by unauthenticated attackers to access the API in […]
Russia-linked APT29 group targeted dozens of organizations and government agencies worldwide with Microsoft Teams phishing attacks. Microsoft Threat Intelligence reported that Russia-linked cyberespionage group APT29  (aka SVR group, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) carried out Microsoft Teams phishing attacks aimed at dozens of organizations and government agencies worldwide. APT29 along with APT28 cyber espionage group was involved in […]
Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Security researchers from the non-profit organization Shadowserver Foundation reported that hundreds of Citrix Netscaler ADC and Gateway servers have already been compromised as part of an ongoing campaign exploiting the critical remote code execution (RCE) vulnerability CVE-2023-3519. […]
Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email services and SMTP servers. The phishing campaigns are able to evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebookâs web […]
The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time. Original post @https://cybernews.com/security/burger-king-data-leak/ Burger King is a renowned US-based international fast food giant with a global presence of over 19 thousand restaurants and revenue of $1.8 billion. Recently, the Cybernews research […]