More results...
Ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY), according to Corvus Insurance. In its Q2 2023 Global Ransomware Report, Corvus noted a significant resur…
CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors. According to security researcher Kevin Beaumont’s cybers…
Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks.
The post Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected appeared first on SecurityWeek.
A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE v…
A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security adv…
Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and for…
A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a c…
A Mirai botnet variant tracked as IZ1H9 has updated its arsenal with 13 exploits targeting various routers, IP cameras, and other IoT devices.
The post Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal appeared first on SecurityWeek.
Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome’s V8 JavaScript engine and Google Cloud’s Kernel-based Virtual Machine (KVM). “We want to learn from the security community to understand h…
Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains.
The post Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits appeared first on SecurityWeek.