Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild. Tracked as CVE-2024-3400, the issue has a… Read More »Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go. “While occasionally… Read More »Iranian MuddyWater Hackers Adopt New C2 Tool ‘DarkBeatC2’ in Latest Campaign
Cybersecurity researchers have discovered a credit card skimmer that’s concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites… Read More »Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following… Read More »U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits.… Read More »Python’s PyPI Reveals Its Secrets
A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. “This is the first time researchers observed TA547 use… Read More »TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits.… Read More »Python’s PyPI Reveals Its Secrets
Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also… Read More »Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks
Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score… Read More »Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability
Threat actors are now taking advantage of GitHub’s search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the… Read More »Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware