Policy
-
Security Flaw Exposes Hundreds of Laravel Applications to Remote Code Execution
A vulnerability affecting over 600 Laravel applications has been discovered, allowing the exploitation of leaked APP_KEYs to gain remote code execution capabilities. Cybersecurity experts emphasize the importance of immediate key rotation and continuous monitoring to prevent such security breaches.
-
DoNot APT Group Launches Cyber Espionage Attack on European Foreign Affairs Ministry
The DoNot APT group has launched a sophisticated cyber espionage attack on a European foreign affairs ministry, marking a significant expansion beyond its traditional focus on South Asia, according to researchers at Trellix.
-
Nippon Steel Solutions Reports Data Breach Amid Cybersecurity Investigation
Nippon Steel Solutions has reported a data breach following a zero-day vulnerability exploitation, impacting customer and employee data. The company is investigating the incident while implementing stricter security measures.
-
Critical Remote Code Execution Vulnerability Discovered in mcp-remote Project
A critical vulnerability in the mcp-remote project could allow hackers to execute arbitrary operating system commands, prompting updates and stronger security practices for users.
-
New Vulnerability in ServiceNow Exposes Sensitive Data to Low-Privileged Users
A newly identified vulnerability in ServiceNow, known as Count(er) Strike, allows low-privileged users to access sensitive data improperly, prompting urgent calls for enhanced security measures from enterprises using the platform.
-
Cybersecurity Firm Uncovers 17,000 Fake News Websites Exploiting Investment Scams
CTM360 has revealed over 17,000 fake news websites exploiting users for online investment scams across 50 countries. These sites simulate credible news sources, misleading victims into fraudulent transactions.
-
TAG-140 Group Targets Indian Government with New DRAT V2 Malware
The TAG-140 hacking group has been identified as a serious threat to Indian governmental organizations, employing a sophisticated new version of a remote access trojan called DRAT V2. This group has augmented its operations by spoofing official portals and evolving its malware capabilities, raising alarms about national security.
-
Cisco Issues Urgent Update to Address Critical Vulnerability in Unified Communications Manager
Cisco has issued an urgent security alert regarding a critical vulnerability in its Unified Communications Manager systems, urging users to upgrade to new software updates to prevent potential exploitation.
-
French Cybersecurity Agency Warns of Chinese Hackers Exploiting Ivanti CSA Vulnerabilities
The French cybersecurity agency has revealed that a Chinese hacking group exploited vulnerabilities in Ivanti’s Cloud Services Appliance, impacting various sectors in France. This operation marks a significant escalation in cyber threats aimed at critical infrastructure.
-
Russian APT Gamaredon Intensifies Phishing Campaigns Against Ukraine
Gamaredon, a Russia-aligned APT, has intensified its spear-phishing attacks on Ukrainian government institutions, revealing a significant increase in sophistication and employing new stealth capabilities in its operations.
