Network SecurityBackdoor in utility commonly used by Linux distros risks SSH compromiseLaura FrenchMarch 29, 2024The critical supply chain threat affects beta releases of Red Hat Fedora, Debian and more.
Network SecurityPyPI halts new projects, users for 10 hours due to infostealer influxLaura FrenchMarch 29, 2024Typosquatting attack installed malicious packages to harvest credentials and crypto wallet data.
Network Security‘TheMoon’ malware shows its dark side, grows to 40,000 bots from 88 countriesSteve ZurierMarch 29, 2024Malware first identified in 2014 re-emerges and gets delivered by the criminal proxy service Faceless, now growing at 7,000 users per week.
Critical Infrastructure SecurityOdd NuGet package for industrial equipment raises espionage concernsLaura FrenchMarch 28, 2024The open-source .NET package stealthily exfiltrates screenshots from BOZHON equipment.
Identity‘Darcula’ phishing platform targets postal organizations worldwideSteve ZurierMarch 28, 2024Netcraft researchers say the Chinese-language PhaaS platform targeted postal organization in more than 100 countries, including USPS.
Network SecurityGoogle: Zero-day exploits increasingly target enterprise technologiesSimon HenderyMarch 28, 2024An analysis found threat actors are increasingly targeting enterprise-specific technologies.
IdentityApple ID ‘push bombing’ scam campaign hits cyber startup foundersLaura FrenchMarch 27, 2024Attackers trigger hundreds of password reset prompts in an attempt to take over iCloud accounts.
Vulnerability ManagementRockwell Automation posts advisories on 10 new bugsSteve ZurierMarch 27, 2024CISA encouraged security teams handling industrial control systems to review and mitigate the Rockwell Automation bugs.
Network SecurityFortinet FortiClient EMS SQL injection flaw exploited in the wildLaura FrenchMarch 26, 2024A PoC exploit is available for the critical flaw, which was added to CISA’s KEV catalog Monday.
Network SecurityFlaw in Ray AI framework potentially leaks sensitive data of workloadsSteve ZurierMarch 26, 2024Threat actor targets AI workloads, believed to be first exploited in the wild.