Critical OpenSSL Vulnerability Allows Hackers to Launch Man-in-the-Middle Attacks
The OpenSSL Project announced a high-severity vulnerability (CVE-2024-12797) affecting versions 3.2, 3.3, and 3.4 of the widely used cryptographic library.
The vulnerability, discovered by Apple Inc. in December 2024, could potentially allow man-in-the-middle (MitM)...
Google OAuth “Sign in with Google” Vulnerability Exposes Millions of Accounts to Data Theft
A critical vulnerability in Google’s "Sign in with Google" authentication flow is putting millions of Americans at risk of data theft, particularly those who have worked for failed startups.
The issue lies in how...
Fortinet FortiGate Firewalls Under Attack via Exploitation of a Zero-Day Vulnerability
Cybersecurity firm Arctic Wolf has disclosed details of an ongoing cyber campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the public internet.
Fortinet confirmed the exploitation of this zero-day vulnerability after...
Critical macOS Sandbox Vulnerability (CVE-2024-54498) PoC Exploit Released Online
A proof-of-concept exploit was released for a critical vulnerability impacting macOS systems, identified as CVE-2024-54498.
Security researcher @wh1te4ever recently revealed a proof-of-concept (PoC) exploit showcasing how the flaw allows malicious applications to escape the...
Mirai Botnet Exploiting Router 0-Day Vulnerabilities to Launch DDoS Attacks
Researchers have uncovered a sophisticated botnet, dubbed "Gayfemboy," which has been exploiting 0-day vulnerabilities in industrial routers.
First identified in February 2024 by cybersecurity experts at XLab, this botnet has demonstrated exceptional resilience and...
Casio Hacked – Attackers Compromised the Server Via Ransomware Attack
Global electronics manufacturer Casio Computers' servers had been compromised in a ransomware attack, resulting in a significant data breach.
The cyberattack, which occurred on October 5, 2024, led to the unauthorized access of sensitive...
“Bad Likert Judge” – New Technique to Jailbreak AI Using LLM Vulnerabilities
In a revealing study, researchers have introduced a new text-generation AI jailbreak technique, dubbed the “Bad Likert Judge.” This method, aimed at exposing vulnerabilities in large language models (LLMs), demonstrates how certain attack strategies...
AWS Repeats Same Critical RCE Vulnerability 3 Times in 4 Years
Amazon Web Services (AWS) has introduced the same remote code execution (RCE) vulnerability three times over the last four years through its Neuron SDK, highlighting critical lapses in securing its Python package installation processes....
7-Zip Zero-Day Exploit Allegedly Leaked Online
A critical 7-Zip zero-day exploit has allegedly been leaked by a hacker operating under the alias "NSA_Employee39" on X. The exploit allows attackers to execute arbitrary code on a victim’s machine...
Ford Motors ‘X’ Account Hacked – Pro-Palestine Posts Appear Briefly
The official X (formerly Twitter) account of Ford Motor Company appeared to have been compromised on Monday, according to widespread reports based on posts circulating across social media platforms.
Screenshots shared by users suggested...