16 Chrome Extensions Compromised: Over 600,000 Users at Risk
A newly uncovered attack campaign has compromised at least 16 Chrome browser extensions, exposing over 600,000 users to data breaches […]
CVE-2024-12856: Default Credentials Endanger 15,000+ Four-Faith Routers
A high-severity vulnerability in Four-Faith routers has placed over 15,000 devices at risk, with active exploitation already observed. The flaw,
CVE-2024-45387: Apache Traffic Control SQL Injection Fix Released
The Apache Software Foundation (ASF) has issued crucial security updates to address a severe SQL injection vulnerability in Apache Traffic
Critical Apache Tomcat RCE Flaw CVE-2024-56337
The Apache Software Foundation (ASF) has issued a crucial security update to address a newly identified vulnerability in Apache Tomcat,
WebView2 Exploited: CoinLurker Malware Targets Cryptocurrency Wallets
Attackers are targeting cryptocurrency using fake software update notifications to deploy a sophisticated stealer malware known as CoinLurker. Written in
Symlink Exploit in iOS and macOS Enables TCC Bypass
A vulnerability in Apple’s iOS and macOS has highlighted a serious flaw that allowed attackers to bypass the Transparency, Consent,
Malware Abuse of Windows UI Automation Framework Exposes EDR Blindspots
A new malware technique leverages Windows’ UI Automation (UIA) framework, enabling stealthy malicious operations while bypassing endpoint detection and response
Zero-Day Exploit in Cleo File Transfer Tools Sparks Global Security Alert
Cybersecurity experts are sounding the alarm after discovering widespread exploitation of a critical vulnerability in Cleo-managed file transfer software, affecting
AI Security Alert: Prompt Injection Flaws Exposed in DeepSeek and Claude AI
Recent discoveries have shed light on critical prompt injection vulnerabilities in AI-powered tools like DeepSeek and Anthropic’s Claude AI. If
Windows Zero-Day Exposes NTLM Credentials
A newly discovered Windows zero-day vulnerability has surfaced, enabling attackers to steal NTLM credentials with minimal user interaction. The flaw,
Mitel Patches Severe MiCollab Flaw Allowing Admin Access
A critical vulnerability in Mitel’s MiCollab software, now patched, has been revealed to enable attackers to gain unauthorized access to
Cloudflare Domains Exploited: A 250% Surge in Cyber Threats
Cloudflare’s developer platforms, including pages.dev and workers.dev, are increasingly exploited by cybercriminals for phishing and other malicious activities. These domains,
BootKitty: The First Linux UEFI Bootkit Exploiting the LogoFAIL Flaw
A new form of UEFI malware, named BootKitty, has been discovered targeting Linux systems by exploiting a serious vulnerability known
Critical Flaws Found in Advantech Industrial Wi-Fi Access Points
Over 20 security vulnerabilities are discovered in Advantech EKI industrial Wi-Fi access points, with several posing critical risks. These flaws
Critical Flaws in WordPress Anti-Spam Plugin Put Over 200,000 Sites at Risk
Two critical vulnerabilities in the widely used WordPress plugin, Spam protection, Anti-Spam, and FireWall by CleanTalk, have been discovered, potentially