Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or… Read More »GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a… Read More »GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware
The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand… Read More »The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked… Read More »Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. “If a country is unhappy with an internet service,… Read More »Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux… Read More »Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list… Read More »Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. “Sighting… Read More »Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of… Read More »U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown
It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing… Read More »NIST Cybersecurity Framework (CSF) and CTEM – Better Together