Cyber Security News

Critical infrastructure has become increasingly the target of cyberattacks, with anticipated yearly damages of $10.5 trillion USD by 2025, up from only $3 trillion USD in 2015. NIST introduced a Cybersecurity Framework in 2014...

Cybercriminals continue making malware for profit, with a recent report uncovering ASMCrypt in underground forums related to the DoubleFinger loader. In the cybercrime landscape, researchers at Securelist have also reported on new Lumma stealer and...

The widely used data integration tool Apache NiFi has been discovered to be susceptible to a critical security flaw tracked as CVE-2023-34468 that might allow remote code execution. Additionally, this significant issue might allow attackers to exfiltrate sensitive information, compromise...

A new malware-as-a-service (MaaS) loader under the name “BunnyLoader” has been discovered to be sold in multiple hacking forums. This malware has multiple functionalities which include second-stage payload downloading and executing, browser credentials and...

A new type of vulnerability in the software implementation of PKCS#1 v1.5 padding scheme for RSA key exchange, which was previously confirmed to be susceptible, has been discovered and still can be exploited. This...

QUIC, created by Google, is a modern transport layer protocol aimed at enhancing connection reliability and security while addressing latency and packet loss issues utilizing UDP. Microsoft's QUIC implementation is known as MsQuic, utilized for...

JavaScript and Python both have their own package repositories called npm (Node Package Manager) and PyPi (Python Package Index), respectively. They act as key centers for publishing and exchanging reusable code libraries and packages by...

The Russian company Operation Zero is currently offering researchers $20 million in exchange for hacking tools that would enable its customers to take control of Android and iPhone devices. “By increasing the premium and providing...

The FBI alerts on rising ransomware trends and urges organizations to follow mitigation recommendations for minimizing ransomware risks and consequences. In July 2023, the FBI observed two ransomware trends, and here we have mentioned them:- Multiple...

Microsoft SharePoint Server was reported with two vulnerabilities, CVE-2023-29357 and CVE-2023-24955, which threat actors can use for achieving remote code execution (RCE) against Microsoft SharePoint Server. These vulnerabilities were discovered as part of the Zero...