Smishing Attack Targets iMessage Users by Exploiting Built-In Phishing Protections
A new smishing (SMS phishing) campaign is making waves, specifically targeting iMessage users by manipulating Apple’s built-in phishing protections. Users have been reporting examples of these attempts for months, and now the campaign is...
Fortinet FortiGate Firewalls Under Attack By Exploit a Zero-Day Vulnerability
Cybersecurity firm Arctic Wolf has disclosed details of an ongoing cyber campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the public internet.
Fortinet confirmed the exploitation of this zero-day vulnerability after...
New Ransomware Encrypts Amazon S3 Buckets Using SSE-C Encryption
A new ransomware campaign has surfaced, leveraging Amazon Web Services’ (AWS) Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data in Amazon S3 buckets.
This attack was launched by a group known as "Codefinger,"...
UK Domain Registry Nominet Confirms Cyber Attack Exploiting Ivanti RCE Zero-Day
Nominet, the official registry for .uk domain names and one of the largest country code registries globally has disclosed a significant cybersecurity breach linked to a recently discovered zero-day vulnerability in Ivanti's Virtual Private...
.webp?w=324&resize=324,235&ssl=1 "OneBlood Confirms Ransomware Attack – Donor’s Personal Information Stolen")
OneBlood Confirms Ransomware Attack – Donor’s Personal Information Stolen
OneBlood, a major blood donation nonprofit serving the southeastern United States, has confirmed a significant data breach resulting from a ransomware attack that occurred in July 2024.
The organization, which provides blood to over...
CISA Adds 2 New Known Vulnerabilities That Actively Exploited in The Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with two new critical vulnerabilities, urging organizations to act promptly to mitigate the risks.
This catalog serves as the authoritative...
Rootkit Malware Exploiting 0-Day Vulnerabilities to Control Linux Systems Remotely
Fortinet researchers uncovered an advanced rootkit malware exploiting multiple zero-day vulnerabilities in enterprise appliances by executing a shell script (Install.sh).
The analysis sheds new light on how attackers establish persistence, hijack network traffic, and remotely...
New macOS Vulnerability Lets Attackers Bypass Apple’s System Integrity Protection (SIP)
Microsoft Threat Intelligence has identified a significant vulnerability in macOS that could allow attackers to bypass Apple’s System Integrity Protection (SIP), a critical security mechanism designed to safeguard the operating system from malicious interference....
BeyondTrust Privileged Remote Access Vulnerability Actively Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical OS command injection vulnerability (CVE-2024-12686) found in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) tools to its Known Exploited Vulnerabilities (KEV)...
CISA Releases A New Free Guide For OT Products Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new guidance document to enhance cybersecurity for operational technology (OT) products.
The guide, titled “Secure by Demand: Priority Considerations for Operational Technology...
Recent Posts
Bypassing Zero-Trust Policies to Exploit Vulnerabilities & Manipulate NHI Secrets
A comprehensive security research demonstration has revealed how attackers can systematically undermine modern zero-trust security frameworks by exploiting a critical DNS vulnerability to disrupt...