GitLab has released updates to address a critical vulnerability in its Community Edition (CE) and Enterprise Edition (EE) versions, which could result in authentication bypass. The issue is tied to the ruby-saml library (CVE-2024-45409,...
On September 10, 2024, Ivanti released a security advisory concerning a zero-day vulnerability in the Cloud Service Appliance (CSA) product. Initially, the flaw appeared to be of little interest, as Ivanti stated that exploitation...
A new malicious campaign has been detected in Uzbekistan, propagating an Android malware known as Ajina.Banker. Discovered by Group-IB specialists in May 2024, this Trojan has been operational since November 2023 and currently boasts...
Cybernews researchers have uncovered a vulnerability in the system of Braza Bank, Brazil’s largest bank, which left its data exposed to cyberattacks. The team of experts discovered that a configuration file (.env), containing sensitive...
Cybersecurity researchers are raising the alarm about novel attacks perpetrated by North Korean hackers, who are exploiting the LinkedIn platform to disseminate malware known as RustDoor. Experts at Jamf Threat Labs have reported uncovering...
Cybersecurity researchers have uncovered a new botnet constructed using devices from small office/home office (SOHO) networks and IoT devices. This botnet is believed to be operated by the Chinese hacking group Flax Typhoon, also...
Researchers have disclosed a proof-of-concept exploit for a critical vulnerability in Ivanti Endpoint Manager (CVE-2024-29847, CVSS score: 9.8), which permits remote code execution. The exploit is now publicly available, making it imperative to update...
The United States Department of Justice has indicted a Chinese national for attempting to breach the security of several American aviation agencies in order to purloin software and code developed by NASA and other...
The U.S. Treasury Department has imposed sanctions on five individuals and one company affiliated with the Intellexa consortium for their involvement in the development, operation, and dissemination of espionage technologies that pose a threat...
D-Link has rectified critical vulnerabilities in three popular wireless router models that could have permitted remote attackers to execute arbitrary code or gain unauthorized access to the devices by exploiting hard-coded credentials. The affected...
SolarWinds has released updates to address two vulnerabilities in its Access Rights Manager (ARM) software, one of which is classified as critical. The vulnerability, identified as CVE-2024-28991, has been assigned a CVSS score of...
A shadow market has long existed and thrived in the dark web, significantly fueling the entire cybercrime industry. The focus here is on XSS.is — an exclusive forum that has been actively attracting the...
