Your blog category
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS… Read More »Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool
The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an “advanced and upgraded version” of a known malware called StealthVector to deliver a previously undocumented… Read More »Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk
Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024. The attacks primarily… Read More »New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign
Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory… Read More »Streamlined Security Solutions: PAM for Small to Medium-sized Businesses
Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question… Read More »PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks
GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as… Read More »GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early… Read More »New Ransomware Group Exploiting Veeam Backup Software Vulnerability
It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks.… Read More »True Protection or False Promise? The Ultimate ITDR Shortlisting Guide
Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild.… Read More »Microsoft’s July Update Patches 143 Flaws, Including Two Actively Exploited
The Problem The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are: 53% of… Read More »Smash-and-Grab Extortion