Image source: QINQIE99,Shutterstock One of them is a 0-day that a threat actor is using in an ransomware campaign Microsoft has released fixes for 126 vulnerabilities in its April 2025 Patch Tuesday…
NSA, CISA, Others Warn About Fast Flux Threat: Here’s Why
Image source: Shutterstock Enterprise organizations, ISPs and security services providers are not adequately prepared to protect against attacks that leverage the technique, authoring agencies say. The NSA, CISA, and international partners have…
Max Severity Bug Affects MITRE Caldera Adversary Emulation Platform
Image source: MITRE Caldera Users should patch immediately to mitigate risk, Caldera security team says. MITRE’s Caldera team has patched a maximum severity remote code execution bug in the adversary emulation platform…
FBI: Russia’s APT29 May Exploit These 24 vulnerabilities-Be Aware
Image source: Shutterstock Recent flaws that the state-affiliated actor has exploited widely include CVE-2023-42793 in JetBrains TeamCity and CVE-2022-27924 in Zimbra. The FBI in collaboration with the National Security Agency, Cyber National…
Ivanti’s New 0-Days Now in CISA’s Exploit Catalog
Image source: Shutterstock Attacks targeting CVE-2024-9379 and CVE-2024-9380 have impacted customers running the end-of-life CSA 4.6 for which the company issued the last security fix on Sept. 10. Ivanti this week issued…
2 Exploited and 3 Publicly Known Bugs in Microsoft’s Oct. Update to Patch Now
Image source: : Shutterstock Microsoft’s relatively moderate severity rating for the bugs belie the threat they present At least five of the 117 CVEs for which Microsoft released a patch this week…
Ransomware Actors Escalate Adversary-in-the-Middle Attacks
Image source: Shutterstock Many are also striking quickly after gaining initial access, a new report shows. Ransomware actors increasingly deployed adversary in the middle (AiTM) tactics to steal credentials and session cookies…
What 6 Cybersec Experts Have Said About the Lebanon Pager Attacks
Image source: Shutterstock The attacks resulted from someone physically planting small explosives on pagers destined for Hezbollah members and triggering it with a message. For those wondering if the deadly pager explosions…
Iran’s APT34 hits Iraq Govt with new malware and C2 tactics
Image source: Shutterstock The threat actor is using email, DNS tunneling and an updated IIS backdoor to communicate with “Veaty” and “Spearal”, two new malware tools in its portfolio. Here’s what’s noteworthy about the…
New Vuln Enables Admin Access on Domain-Joined ESXi Hypervisors
Image Source: Shutterstock Ransomware attackers are leveraging CVE-2024-37085 to drop Black Basta, Akira on vulnerable systems, Microsoft says. Ransomware operators are exploiting an authentication bypass vulnerability in ESXi hypervisors to gain full…