Cybersecurity News

Cybersecurity researchers at NinjaLab have uncovered a critical vulnerability in Infineon’s cryptographic library, used in numerous secure microcontrollers. This side-channel attack, dubbed EUCLEAK, has far-reaching implications for a wide range of products, including hardware security keys, electronic passports, and even smart cars. Understanding EUCLEAK: A Threat to Cryptographic Security EUCLEAK exploits a weakness in the … Read more

Cybersecurity experts at Trend Micro have uncovered a sophisticated malware campaign targeting users in the Middle East. The malicious software cleverly disguises itself as Palo Alto Networks’ GlobalProtect, a widely-used VPN tool, raising concerns about potential widespread corporate network infiltrations. The Deception: Malware Mimicking Trusted VPN Software While the initial attack vector remains unclear, researchers … Read more

Microsoft has issued an urgent warning to users about a critical TCP/IP vulnerability that could allow remote code execution on affected systems. This high-severity flaw, identified as CVE-2024-38063, impacts all Windows systems with IPv6 protocol enabled by default, putting millions of devices at risk. Understanding the Vulnerability The vulnerability, discovered by researchers at Kunlun Lab, … Read more

Google has released its monthly Android security update, addressing a total of 34 vulnerabilities across various versions of the mobile operating system. The most notable fix in this patch is for CVE-2024-32896, a critical vulnerability that has been actively exploited by threat actors and was previously patched only for Pixel devices. Understanding CVE-2024-32896: A Serious … Read more

The cybersecurity landscape is witnessing a significant evolution of the Quad7 botnet, as reported by Sekoia analysts. Initially known for targeting TP-Link and ASUS routers, Quad7 has now expanded its reach to include Zyxel VPN devices, Ruckus wireless routers, and Axentra media servers. This expansion marks a concerning development in the botnet’s capabilities and potential … Read more

Microsoft has unveiled a sophisticated cyber campaign orchestrated by North Korean threat actors, exploiting a recently patched Google Chrome zero-day vulnerability (CVE-2024-7971) to deploy the notorious FudModule rootkit. This revelation underscores the persistent threat posed by state-sponsored hacking groups to the global financial sector, particularly cryptocurrency organizations. Citrine Sleet: The Culprit Behind the Attacks Microsoft … Read more

Microsoft’s Windows Recall AI feature, which sparked significant controversy upon its introduction, has once again become the center of attention in the cybersecurity community. Initially designed to enhance user experience by allowing easy access to previously viewed information, the feature has faced criticism from security experts and privacy advocates alike. Recent developments have added another … Read more

Kaspersky Lab analysts have uncovered a sophisticated cybercrime operation dubbed “Tusk,” targeting Windows and macOS users globally. This campaign, believed to be orchestrated by Russian-speaking threat actors, employs a combination of phishing, infostealers, and clipboard hijackers to pilfer cryptocurrency and sensitive personal information. The Anatomy of Tusk Attacks The Tusk campaign initiates its assault by … Read more

Cybersecurity researchers at JFrog have uncovered a new attack vector dubbed “Revival Hijack,” exposing a significant vulnerability in the Python Package Index (PyPI). This discovery highlights the ongoing challenges in securing open-source software ecosystems and underscores the importance of vigilant package management practices. Understanding Revival Hijack Revival Hijack exploits a gap in PyPI’s package management … Read more

The notorious cybercriminal group BlindEagle, also known as APT-C-36, has been observed refining its tactics and expanding its reach across Latin America. First identified in 2018, this threat actor has recently updated its cyber espionage campaigns, primarily targeting individuals and organizations in Colombia and neighboring countries. Expanded Scope and Sophisticated Techniques According to recent findings … Read more