Social media platforms are overflowing with scams. In the past couple of months, Bitdefender Labs has been monitoring a steep increase in fraudulent social media ads on Facebook promoting various...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Heap-based Buffer Overflow, Out-of-Bounds Write 2. RISK...
Authored by: Vignesh Dhatchanamoorthy In the ever-evolving landscape of cybersecurity threats, staying ahead of malicious actors requires a deep understanding... The post GUloader Unmasked:...
The Singapore-based company, which provides AI-powered tools for designing image and video content, has suffered a massive data breach that compromised the personal information of nearly 20...
Pure Incubation was founded in 2012, and the company later rebranded to DemandScience. Back in March 2024, an actor named KryptonZambie posted a thread on Breach Forums selling a database belonging...
Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful...
Outlook is the most popular email client in the world with all of the other Microsoft Office Suite of products being equally important. Finding vulnerabilities in this can have devastating...
In this post, we take a closer look at the Digital Operational Resilience Act (DORA), and discuss how Wiz can help financial institutions navigate these new regulations.
Enzyme Finance is an on-chain asset management protocol. Users can create access rules, trading limits and other various rules. Within this, there are three main roles: asset manager, end users and...
Stacks is a Bitcoin L2 blockchain. It uses the Clarity (Cl) language, which has a LISP-like syntax, for executing smart contracts. For some reason, the article says that it's more secure to use an...
Context: In the chilly month of December 2023, my colleagues Jason (@BreakerOfSigns), Szymon (@TH3_GOAT_FARM3R), and myself (@felmoltor) were on a red team. This one was tough, but we had fun. We...
Introducing the "Zero Critical Club" — a growing group of Wiz customers who've achieved the extraordinary feat of having zero critical issues in their environments.
Key Takeaways: More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be …
Identifiable data included job searches, map directions, "cosplay erotica."
On 2024-02-23, a research was reported, involving , gaining initial access via Unknown, while using Refresh token compromise, Attach administrative role to account, Create or modify cloud key, to...
Introduction: A Chinese Ministry of Public Security (MPS) contractor called iSOON (also known as Anxun Information) that specializes in network penetration research and related services has had its...
CVE-2024-23204 sheds light on the critical importance of continuous security vigilance. Apple's Shortcuts application, designed to enhance user automation, can inadvertently become a potential...
Researchers identified a malicious campaign focusing on Apache big-data solutions, particularly Apache Hadoop and Apache Druid. This campaign leverages the Lucifer DDoS botnet, infecting Linux...
We explore "proof-of-storage" cryptocurrencies like Chia, the potential for proof-of-storage cryptojacking attacks, and steps defenders can take to detect them.
On 2024-02-21, a research was reported, involving , gaining initial access via Insider threat, to achieve Resp. disclosure.
On 2024-02-21, an incident was reported, involving an unknown actor, gaining initial access via Unknown, while using Data exfiltration from cloud storage, targeting S3 Bucket to achieve Data...
Satellite images newly obtained by Bellingcat shed light on how a stranded barge at the centre of a major oil spill ended up aground and leaking oil off the Tobago coast. The post How a Leaking...
A new campaign named Migo is targeting Redis servers running on Linux hosts to mine cryptocurrency. The campaign was identified following suspicious activities on a Redis honeypot, where a malicious...
On 2024-02-20, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, while using SSH propagation, targeting Confluence Server to achieve Resource...
I created a small crypto style CTF for Black Hat last year (we’re training again this year, check our courses out) and hid the starting point in an “easter egg” on a deck of cards. The deck of...
On 2024-02-18, a research was reported, involving , gaining initial access via Software misconfig, to achieve Resp. disclosure.
Last year, a web cache deception caching vulnerability was discovered in ChatGPT. The vulnerability was that anything ending in a particular file type was cached but it had a fuzzy path...