VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
Category Archives: Uncategorized
Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model. Go to Source Author: Elizabeth Montalbano, Contributing Writer
The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. “Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API,” SecurityScorecard’s […]
Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance. Go to Source Author: Jatin Mannepalli
The impetus for CrowdStrike’s new professional services came from last year’s Famous Chollima threat actors, which used fake IT workers to infiltrate organizations and steal data. Go to Source Author: Jeffrey Schwartz
Cybersecurity can’t always be “Department of No,” but saying yes all the time is not the answer. Here is how to enable innovation gracefully without adding risk to the organization. Go to Source Author: Joan Goodchild
Curious about the buzz around AI in cybersecurity? Wonder if it’s just a shiny new toy in the tech world or a serious game changer? Let’s unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus, a seasoned pro in cybersecurity […]
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome. The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) […]
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total. This breach shows just how deeply ransomware Go […]
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0. “Due to a flaw in the multi-line […]