Cybersecurity News

Security researchers have uncovered a critical vulnerability in D-Link Network Attached Storage (NAS) devices that puts over 60,000 systems worldwide at immediate risk. The security flaw, tracked as CVE-2024-10914 with a severe CVSS score of 9.2, enables unauthorized remote attackers to execute arbitrary commands on affected devices without requiring authentication. Understanding the Technical Impact The … Read more

Cybersecurity researchers at Hudson Rock have uncovered a significant data breach involving over 2.8 million confidential records from Amazon and other major corporations. The sensitive information was exposed on the Breached hacking forum by an actor using the pseudonym Nam3L3ss, marking one of the most substantial corporate data exposures of recent times. Breach Confirmation and … Read more

Microsoft has recently issued a crucial alert for users of Windows 11 versions 22H2 and 23H2, warning of potential SSH connection problems following the October security updates. This development has raised significant concerns in the cybersecurity community, as SSH (Secure Shell) is a critical protocol for secure remote access and system management. Scope and Impact … Read more

Cybersecurity researchers at SlashNext have uncovered a sophisticated new threat targeting the software development community. The newly identified phishing tool, dubbed “Goissue,” developed by the operators of the notorious Gitloker campaign, represents a significant escalation in automated attacks against GitHub users. This advanced threat specifically focuses on harvesting email addresses from public GitHub profiles to … Read more

Google has unveiled groundbreaking artificial intelligence-powered security features for Android devices, marking a significant advancement in mobile threat protection. The new security suite introduces real-time scam call detection and enhanced malware monitoring capabilities, leveraging cutting-edge AI technology to protect users from evolving digital threats. AI-Powered Scam Call Detection: A New Era in Phone Security At … Read more

Palo Alto Networks has issued a high-priority security advisory regarding a potential Remote Code Execution (RCE) vulnerability affecting their PAN-OS firewall management system. This security alert demands immediate attention from security administrators and highlights the need for swift preventive measures to protect critical network infrastructure. Understanding the Security Risk and Immediate Actions While no active … Read more

Nokia Data Breach: Supply Chain Attack Exposes Critical Infrastructure Assets A significant cybersecurity incident has emerged as threat actor IntelBroker claims successful exploitation of Nokia’s infrastructure through a third-party contractor’s vulnerable SonarQube server. This breach highlights the growing sophistication of supply chain attacks and their potential impact on major technology corporations. Attack Vector Analysis and … Read more

Security researchers at Positive Technologies have uncovered a sophisticated cyber espionage campaign conducted by the threat actor known as PhaseShifters (also tracked as Sticky Werewolf). The group has been implementing advanced steganography techniques to conceal malicious code within seemingly innocent image and text files, effectively bypassing conventional security measures. Sophisticated Target Selection and Attack Methodology … Read more

Okta, a leading identity and access management provider, has disclosed a critical security vulnerability in its DelAuth AD/LDAP authentication system. The flaw, which existed for approximately three months, could allow attackers to bypass authentication mechanisms by exploiting a weakness in the way the system handles unusually long usernames. Understanding the Technical Impact The vulnerability stems … Read more

A comprehensive security study conducted by Positive Technologies has unveiled alarming vulnerabilities in recycled SIM cards, exposing significant risks to mobile users’ digital security. The research reveals that 43% of examined phone numbers were previously used for various online service registrations, with 37% of associated accounts remaining active and potentially accessible to new number owners. … Read more