CVE-2024-53677 is a critical vulnerability in Apache Struts 2 with a CVSS score of 9.5. This flaw in the file upload logic allows path traversal and uploading of malicious files, enabling remote...

Vulnerabilities in Microsoft Azure Data Factory's integration with Apache Airflow can lead to unauthorized access and control over cloud resources. The post Dirty DAG: New Vulnerabilities in Azure...

SUMMARY Cicada3301, a ransomware group, has claimed responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent…

Cashed-up ransomware criminals may exploit more zero days while potential blanket ransomware payment bans hang over defenders like a shadow.

The once-prominent technology firm bought Cylance for $1.4 billion in 2018. The post Arctic Wolf acquires Cylance from BlackBerry for $160 million appeared first on CyberScoop.

The agency is seeking public comment on its much-anticipated draft update to 2016’s PPD-41. The post CISA pitches updated cyber incident response plan as an ‘agile, actionable’ framework appeared...

Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a...

The hackers stole names, phone numbers, dates of birth and information related to health conditions, treatments and prescriptions. © 2024 TechCrunch. All rights reserved. For personal use only.

The company didn’t specify what kind of data was stolen by the cybercriminals, but according to local media reports, the hackers accessed over 400,000 files, including personal and financial data...

According to Rhode Island Gov. Dan McKee, the state was informed of a "major security threat" by the consulting firm Deloitte, which manages the social services platform RIBridges.

Known as Glutton, researchers at QiAnXin’s XLab believe Winnti is responsible for the malware. The post PHP backdoor looks to be work of Chinese-linked APT group appeared first on CyberScoop.

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by...

SUMMARY The Cl0p ransomware group has recently claimed responsibility for exploiting a critical vulnerability in Cleo’s managed file…

With the latest OS versions, you can generate an AirTag link to help airline personnel track down your missing luggage. Apple says privacy safeguards are built in.

This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday...

The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online. [...]

The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million...

Whether you want to disguise your IP address to improve your privacy at college or bypass school blocks to access educational resources, these are the best school VPNs.

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025

The company's spyware, dubbed Graphite, is capable of hacking phones and stealing private communications. © 2024 TechCrunch. All rights reserved. For personal use only.

Kali Linux has released version 2024.4, the fourth and final version of 2024, and it is now available with fourteen new tools, numerous improvements, and deprecates some features. [...]

With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial...

CISA and EPA have published guidance for operators of water and wastewater systems to protect against cyber-attacks

Edge computing is one of the fastest-growing enterprise technologies. But what exactly is the edge? How does it work? And where is it located? Learn all this and more, including how low-latency...

Arctic Wolf has acquired Cylance, BlackBerry’s beleaguered cybersecurity business, for $160 million — a significant write-down from the $1.4 billion BlackBerry paid to acquire the company in 2018....

Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI)...

A 20-year-old Tucson man was arrested for horrific CSAM and cyberstalking linked to the dangerous online extremist group 764.

Rhode Island's RIBridges system has suffered a major data breach, potentially exposing personal information, with Deloitte confirming the presence of malicious software

2024-12-11 • JPCERT/CC • Tomoya Kamei • win.spygrace Open article on Malpedia

CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. [...]