Zeljka Zorz
Using Authy? Beware of impending phishing attempts
Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping …
How AI-powered software spreads Russian disinformation on X
The US Justice Department (DoJ) has seized two US-based domains used by Russian threat actors to create fake profiles on X (formerly Twitter) that would spread disinformation …
Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)
CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for …
Google removes enrollment barrier for prospective Advanced Protection Program users
Google has removed a potential obstacle for high-risk users who want to enroll in the company’s Advanced Protection Program (APP): they can now do it just by setting a …
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)
For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in …
Chinese APT40 group swifly leverages public PoC exploits
Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory …
TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack
TeamViewer, the company developing the popular remote access/control software with the same name, has finished the investigation into the breach it detected in late June 2024, …
Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released
A cryptographic weakness in the DoNex ransomware and its previous incarnations – Muse, fake LockBit 3.0, and DarkRace – has allowed Avast researchers to create a …
Largest Croatian hospital under cyberattack
The University Hospital Centre Zagreb (KBC Zagreb) is under cyberattack that started on Wednesday night, the Croatian Radiotelevision has reported. Because of the attack, the …
PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)
A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s …
Malware peddlers experimenting with BPL sideloading and masking malicious payloads as PGP keys
A newly spotted campaign is leveraging BPL sideloading and other uncommon tricks to deliver the IDAT Loader (aka HijackLoader) malware and prevent its detection. The campaign …
Compromised plugins found on WordPress.org
An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them …
Featured news
Resources
Don't miss
- Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations
- TikTok videos + ClickFix tactic = Malware infection
- DanaBot botnet disrupted, QakBot leader indicted
- Is privacy becoming a luxury? A candid look at consumer data use
- Unpatched Windows Server vulnerability allows full domain compromise