cyber security news

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious…

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

Dec 20, 2024Ravie LakshmananVulnerability / Cyber Attack A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as…

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

Dec 20, 2024Ravie LakshmananCISA / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known…

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Dec 19, 2024Ravie LakshmananSupply Chain / Software Security Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package…

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Dec 19, 2024Ravie LakshmananMalware / Botnet Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The…

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Dec 19, 2024Ravie LakshmananVulnerability / Network Security Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as…

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

Dec 18, 2024Ravie LakshmananEmail Security / Cloud Security Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims’ Microsoft…

Introducing our End-to-End OS Platform

Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open…

APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

Dec 18, 2024Ravie LakshmananCyber Espionage / Malware The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files.…

ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

Dec 18, 2024The Hacker NewsThreat Detection / Endpoint Security Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against…