Cybersecurity News

MITRE has released its comprehensive annual report analyzing over 31,000 software vulnerabilities identified between mid-2023 and mid-2024. This crucial research provides essential insights for cybersecurity professionals and software developers, highlighting the most critical security threats facing organizations today. Understanding the Scope and Methodology of MITRE’s Analysis The research encompasses a detailed examination of 31,770 Common … Read more

A major security incident has emerged as cybersecurity researchers uncover an extensive attack campaign targeting Palo Alto Networks firewalls through two critical zero-day vulnerabilities. The breach has already compromised approximately 2,000 devices globally, raising significant concerns about network security across organizations. Understanding the Critical Vulnerabilities The first vulnerability, identified as CVE-2024-0012, carries a critical CVSS … Read more

Security researchers at Threat Fabric have uncovered a sophisticated payment fraud scheme dubbed “Ghost Tap” that exploits vulnerabilities in NFC technology to compromise Apple Pay and Google Pay transactions. This innovative attack methodology leverages a distributed network of money mules and modified NFC relay tools to conduct unauthorized transactions using stolen payment card data. Understanding … Read more

Cybersecurity researchers at Qualys have uncovered five critical security vulnerabilities in the widely-deployed Linux needrestart utility, potentially affecting numerous distributions including Ubuntu. These vulnerabilities enable local attackers to escalate their privileges to root level without requiring any user interaction, representing a significant security risk for Linux systems worldwide. Understanding the Vulnerability Chain The discovered vulnerabilities, … Read more

Google’s Threat Analysis Group (TAG) has identified two critical zero-day vulnerabilities in Apple’s software ecosystem, prompting an immediate emergency security response from the tech giant. These vulnerabilities, actively exploited in the wild, pose significant risks to users across multiple Apple platforms and devices. Understanding the Zero-Day Vulnerabilities The first vulnerability, tracked as CVE-2024-44308, affects the … Read more

Cybersecurity researchers have identified an alarming trend in the exploitation of Scalable Vector Graphics (SVG) files for sophisticated phishing attacks. This emerging threat vector leverages the unique capabilities of SVG format to bypass traditional security measures and deliver malicious payloads to unsuspecting users. Understanding the SVG Security Vulnerability SVG files represent a significant departure from … Read more

Recently unveiled court documents have exposed an extensive cyber exploitation campaign conducted by Israeli surveillance firm NSO Group, targeting WhatsApp users worldwide through multiple zero-day vulnerabilities. The documents detail how the creators of the notorious Pegasus spyware systematically deployed three distinct zero-day exploits to compromise user devices over a three-year period. Chronicle of Sophisticated Attack … Read more

A comprehensive study by NordPass has unveiled alarming findings in global password security practices, analyzing an extensive 2.5TB database of compromised credentials. The research reveals that despite growing cyber threats, millions of users continue to rely on dangerously simple passwords, with “123456” remaining the most commonly used combination across both personal and corporate accounts. Research … Read more

Cybersecurity researchers at The Shadowserver Foundation have uncovered a significant security threat targeting legacy GeoVision devices through a previously unknown vulnerability. The emerging botnet network is actively exploiting this critical flaw to conduct distributed denial-of-service (DDoS) attacks and unauthorized cryptocurrency mining operations, presenting a substantial risk to global network security. Understanding CVE-2024-11120: A Critical Security … Read more

Cybersecurity researchers at Sekoia have unveiled a comprehensive analysis of Helldown, a sophisticated ransomware strain that specifically exploits vulnerabilities in Zyxel firewalls to breach corporate networks. First identified by Cyfirma analysts in summer 2024, this emerging threat has shown increasing activity and poses a significant risk to small and medium-sized businesses worldwide. Attack Scope and … Read more