New Phishing Campaign Targets E-Commerce Shoppers Ahead of Black Friday As the busy holiday season approaches, a new phishing campaign is targeting e-commerce shoppers in Europe and the United States. Cybercriminals are creating fake pages that closely mimic legitimate brands to steal personal information. This scheme comes at a time when many people are preparing…
NSO Group's Exploits: A Deeper Look into WhatsApp's Vulnerabilities Recent legal documents have shed light on the ongoing legal battle between Meta's WhatsApp and NSO Group, revealing alarming insights into the tactics used by the Israeli spyware vendor. The documents illustrate how NSO Group exploited multiple vulnerabilities in the WhatsApp messaging app to deploy its…
Critical Authentication Bypass Vulnerability in Really Simple Security Plugin A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress. This serious security flaw, identified as CVE-2024-10924, has a CVSS score of 9.8, making it highly alarming. If successfully exploited, attackers could gain full administrative access…
Zlonamerna programska oprema predstavlja resno grožnjo v svetu kibernetske varnosti, še posebej za razvijalce znotraj platforme Roblox. Nedavno so zlonamerneži objavili pet zlonamernih npm paketov (node-dlls, ro.dll, autoadv in dve različici rolimons-api), ki so bili zasnovani za krajo poverilnic in osebnih podatkov. Ti paketi so bili preneseni več kot 320-krat, preden so jih odstranili. Izpostavljenost…
Osebni podatki več kot 16,000 uporabnikov platforme SproutBeat so bili razkriti, kar vzbuja hude skrbi glede kibernetske varnosti. Kršitev je prijavil znani akter na temnem spletu, znan kot “888”, ki trdi, da je objavil zbirko podatkov. Ta incident spet odpira vprašanja o zaščiti uporabniških podatkov in rastočih grožnjah kibernetskih napadov, ki so tarča izobraževalnih platform….
Overview of the New PAN-OS Firewall Vulnerability Palo Alto Networks has recently released new indicators of compromise (IoCs) following a significant zero-day vulnerability affecting its PAN-OS firewall management interface. A day after confirming that the vulnerability has been actively exploited, the company highlighted malicious activity originating from specific IP addresses targeting the PAN-OS management web…
BrazenBamboo Exploits Fortinet Vulnerability to Extract VPN Credentials In July 2024, a threat actor known as BrazenBamboo exploited a security flaw in Fortinet's FortiClient for Windows to extract VPN credentials. This incident is part of a larger modular framework called DEEPDATA, which was designed for advanced cyber attacks. Volexity, a cybersecurity firm, revealed the details…
## SpyAgent: Nova grožnja Android zlonamerne programske opreme Kibernetska varnost je v zadnjih letih postala ključno vprašanje za uporabnike pametnih telefonov. Zlonamerna programska oprema, kot je SpyAgent, predstavlja izrazito grožnjo, še posebej za uporabnike Android naprav. SpyAgent uporablja tehnologijo optičnega prepoznavanja znakov (OCR) za ekstrakcijo obnovitvenih fraz za kriptovalute iz posnetkov zaslona. To pomeni, da…
New Malware: WezRat Uncovered by Cybersecurity Researchers Cybersecurity researchers have recently revealed insights into a new remote access trojan (RAT) known as WezRat. This malware is linked to Iranian state-sponsored actors and serves to gather intelligence from compromised systems. Since its first detection on September 1, 2023, WezRat has been actively used to conduct reconnaissance…
In the fast-paced digital world, trust is everything—but what happens when that trust is disrupted? Certificate revocations, though rare, can impact your operations significantly. They can affect security, customer confidence, and business continuity. Are you prepared to act swiftly when the unexpected happens? This post explores why rapid certificate management is essential in maintaining trust…