Crypto Hacking in 2024 – $2.2 Billion Stolen, North Korean Hackers Behind 61% of Attacks
The cryptocurrency industry faced another challenging year in 2024, as hacking incidents reached new heights, with $2.2 billion in digital assets stolen.
This marks a 21.07% year-over-year (YoY) increase, reinforcing concerns about the vulnerabilities...
Critical SHARP Router Vulnerabilities Let Attackers Trigger RCE to Gain Root Access
SHARP has issued an urgent security advisory regarding multiple vulnerabilities discovered in several of its router products. Customers using the affected devices are strongly urged to update their firmware immediately to secure their networks...
Critical PHP Zero-Day Vulnerability in Craft CMS Lets Hackers Gain Remote Access
A significant security vulnerability in Craft CMS, one of the most widely used PHP-based content management systems, has been uncovered, allowing unauthenticated remote code execution (RCE) under default configurations.
The vulnerability, identified as CVE-2024-56145,...
WhatsApp Wins NSO Pegasus Spyware Hacking Case After 5-Year Legal Battle
After five years of contentious litigation, Meta Platforms Inc., the parent company of WhatsApp, emerged victorious in its lawsuit against NSO Group, the controversial Israeli firm behind the Pegasus spyware.
The landmark decision, handed...
Criminals Abuse Microsoft Dynamics 365 to Steal User Credentials
Phishing attacks continue to evolve, leveraging legitimate platforms and services to deceive unsuspecting victims. One such tactic, highlighted by recent research from ANY.RUN, involves the abuse of Microsoft Dynamics 365.
Let’s unpack how cybercriminals exploit...
Hackers Leverage Red Team Tools in RDP Attacks Via TOR & VPN for Data...
In a striking display of cyber sophistication, the advanced persistent threat (APT) group Earth Koshchei, also tracked as APT29 or Midnight Blizzard, has been linked to a massive rogue Remote Desktop Protocol (RDP) campaign.
Earth...
WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies
A recently discovered security vulnerability dubbed "BreakingWAF" in the configuration of web application firewall (WAF) services has left numerous Fortune 1000 companies vulnerable to cyberattacks, according to Zafran, a leading cybersecurity research team.
The...
North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks
Researchers from South Korea have discovered that the notorious North Korean hacking group known as Kimsuky has adapted its phishing tactics to use malwareless attacks, which evade major EDR detection.
The group, which...
“Rockstar 2FA” Phishing-as-a-Service Steals Microsoft 365 Credentials Via AiTM Attacks
Cybersecurity researchers have identified a concerning link between the advanced phishing toolkit known as 'Rockstar 2FA' and a surge in adversary-in-the-middle (AiTM) phishing attacks.
Highly advanced methods are used in these campaigns to trick people...
Critical GPU DDK Vulnerabilities Allow Attackers to Execute Arbitrary Code in Physical Memory
Two critical vulnerabilities have been identified in several versions of a widely used GPU Driver Development Kit (DDK), affecting systems that use Unified Memory Architecture (UMA).
On...