Zeljka Zorz
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by …
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation …
Transportation, logistics companies targeted with lures impersonating fleet management software
Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever …
US-based Kaspersky users startled by unexpected UltraAV installation
A poorly executed “handover” of US-based Kaspersky customers has led some users to panic when software named UltraAV popped up on their computers without any …
Telegram will share IP addresses, phone numbers of criminal suspects with cops
Telegram will start handing over the IP addresses and phone numbers of users who violate their Terms of Service “to relevant authorities in response to valid legal …
Windows Server 2025 gets hotpatching option, without reboots
Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. …
Organizations are changing cybersecurity providers in wake of Crowdstrike outage
More often than not, a cyber attack or a cyber incident that results in business disruption will spur organizations to make changes to improve their cybersecurity and cyber …
Windows users targeted with fake human verification pages delivering malware
For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed …
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged …
FBI forced Flax Typhoon to abandon its botnet
A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director …
Hackers breaching construction firms via specialized accounting software
Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. …
Ghost: Criminal communication platform compromised, dismantled by international law enforcement
Another encrypted communication platform used by criminals has been dismantled and its alleged mastermind arrested, the Australian Federal Police has announced on Tuesday. …
Featured news
Resources
Don't miss
- Hackers love LOTL, this approach shuts them down
- A2AS framework targets prompt injection and agentic AI security risks
- How to stop a single vendor breach from taking down your business
- CISA says it will fill the gap as federal funding for MS-ISAC dries up
- Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI