More results...
A Russian exploit acquisition firm is offering up to $4 million for a full-chain exploit targeting messaging service Telegram.
The post Russian Firm Offers $4 Million for Telegram Exploits appeared first on SecurityWeek.
State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight years, researchers with Trend Micro’s Zero Day Initiative …
Fake CAPTCHA Lures Victims: Lumma Stealer Abuses Clipboard and PowerShell Introduction: We recently identified a new malware campaign using fake CAPTCHA pages to deliver Lumma Stealer, an infostealer operating under the malware-as-a-service (MaaS) model, first discovered in 2022. In previous campaigns, including those in mid-2024, attackers used ClickFix a deceptive tactic involving phishing and fake […]
The post Fake CAPTCHA Lures Victims: Lumma Stealer Abuses Clipboard and PowerShell appeared first on Blogs on Information Technology, Network & Cybersecurity | Seqrite.
Exploitation and scanning tool specifically designed for Jenkins versions <= 2.441 & <= LTS 2.426.2. It leverages CVE-2024-23897 to assess and exploit vulnerabilities in Jenkins instances. Usage Ensure you have the necessary permissions to …
Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. CVE-2023-46604 exploitation Apache ActiveMQ is a popular Java-based open source …
The Danish energy sector has suffered what is believed to be the most extensive cyberattack in Danish history, according to SektorCERT. Danish energy sector under attack SektorCERT, an organization owned and funded by Danish critical infrastructure (CI…
CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be – and have been &…
Experts issued security alerts concerning the ongoing exploitation of Big-IP (CVE-2023-46747, CVE-2023-46748) and Citrix (CVE-2023-4966) vulnerabilities. The publicly available Proof of Concepts (POCs) for these vulnerabilities were rapidly circulated in cybercrime forums. Over 20,000 “Netscaler” instances and 1,000 “Big IP” instances are available online. These systems might be attractive targets for attackers and might be […]
The post Hackers Actively Exploiting Big-IP and Citrix Vulnerabilities appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day …
Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has…