Your blog category
A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations’ cloud environments. “A combination of misconfigurations and… Read More »GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that’s targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power.… Read More »New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining
An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to “multiple intrusion attempts” with the goal of conducting credential theft and deploying… Read More »Black Basta-Linked Attackers Target Users with SystemBC Malware
Simply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first.… Read More »How to Augment Your Password Security with EASM
A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be… Read More »Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges
Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack… Read More »DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals
The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly… Read More »China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa
Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The… Read More »Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access
Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90… Read More »Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits
Cybersecurity researchers have discovered two security flaws in Microsoft’s Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access… Read More »Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service