Jan 30, 2025Ravie LakshmananVulnerability / IoT Security A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network…
Jan 29, 2025Ravie LakshmananThreat Intelligence / Malware The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the…
Jan 29, 2025The Hacker NewsThreat Detection / Artificial Intelligence Curious about the buzz around AI in cybersecurity? Wonder if it’s just a shiny new toy in the tech world or a serious game changer? Let’s…
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like…
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change…
Jan 29, 2025Ravie LakshmananVulnerability / Threat Intelligence A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution…
Jan 29, 2025Ravie LakshmananCyber Espionage / Threat Intelligence The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal…
Jan 29, 2025Ravie LakshmananVulnerability / Software Security Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked…
Jan 29, 2025Ravie LakshmananVulnerability / Network Security Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. “Attackers can leverage this vulnerability to…
Jan 28, 2025Ravie LakshmananPhishing Attack / Network Security A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in…