A critical privilege escalation vulnerability dubbed “CIFSwitch” has been discovered in the Linux kernel’s CIFS (Common Internet File System) implementation, allowing unprivileged local users to gain root access on multiple distributions. The flaw affects kernel versions spanning several years and i
A critical memory corruption vulnerability dubbed “Nginx-poolslip” has been discovered in Nginx web server software, potentially affecting millions of servers worldwide. The flaw enables attackers to trigger denial-of-service conditions and execute arbitrary code remotely. Organizations running vuln
A sophisticated cross-platform credential stealer has been discovered in the NPM ecosystem, employing advanced sandbox evasion techniques to harvest sensitive data from developer workstations. The malware specifically targets Windows, Linux, and macOS systems, using environment fingerprinting to det
Kazuar, a sophisticated .NET-based backdoor attributed to Russian APT group Secret Blizzard (formerly Turla), has undergone significant evolution since its discovery in 2017. Recent analysis reveals the malware has transformed into a highly modular espionage platform with plugin-based architecture,
Iranian state-sponsored threat actors are leveraging Microsoft Azure cloud infrastructure to host command-and-control (C2) domains for their custom MiniUpdate remote access trojan (RAT). This sophisticated espionage campaign exploits the trust associated with legitimate cloud services to evade detec
A critical security vulnerability in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create rogue administrator accounts on vulnerable websites. The flaw stems from improper authentication controls in the plugin’s user management functionality, enabling complete site takeover. W
Law enforcement agencies have successfully dismantled one of the largest botnets in history, comprising over 17 million compromised devices worldwide. This massive network of infected computers, IoT devices, and servers was capable of launching devastating distributed denial-of-service (DDoS) attack
Gremlin stealer just leveled up. New variant uses resource file obfuscation, crypto clipping and session hijacking to fly under the radar. Your data’s at risk.
The notorious cybercrime group ShinyHunters has leaked what appears to be Charter Communications customer data on a dark web forum, claiming to have exposed information on approximately 5 million customers. The dataset allegedly contains personal information including names, addresses, phone numbers
A contractor working with the Cybersecurity and Infrastructure Security Agency (CISA) inadvertently exposed Amazon Web Services (AWS) GovCloud credentials on a public GitHub repository. The leaked keys provided access to sensitive federal government cloud infrastructure, raising serious questions ab