Category: Uncategorized
-

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP [email protected] (The Hacker News)
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. “These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality,Read More
-

The Future of Serverless Security in 2025: From Logs to Runtime Protection [email protected] (The Hacker News)
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here isRead More
-

XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner [email protected] (The Hacker News)
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The package, named @0xengine/xmlrpc, was originally published on October 2, 2023…
-

Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware [email protected] (The Hacker News)
A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. “Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware,” Check Point said in a new analysis…
-

U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider [email protected] (The Hacker News)
U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed. These intrusion attempts “originated from a wireline provider’s network that was connected to ours,” Jeff Simon, chief security officer at T-Mobile, said in a statement. “We…
-

Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers [email protected] (The Hacker News)
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made available until August 2024 with the release of version…
-
How to build an effective third-party risk assessment framework
Post ContentRead More
-

Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels [email protected] (The Hacker News)
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use…
-

Latest Multi-Stage Attack Scenarios with Real-World Examples [email protected] (The Hacker News)
Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let’s examine real-world examples of some of the most common multi-stage attack scenarios that are active…
-
How AI is reshaping threat intelligence
Post ContentRead More
