15 Articles
6 Categories
Date: 2025-01-04
🐛 COMMON VULNERABILITIES AND EXPOSURES (3)

4 Jan: Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it c…
Source: THEHACKERNEWS.COM

4 Jan: What We Know About CVE-2024-49112 and CVE-2024-49113
This blog entry provides an overview of CVE-2024-49112 and CVE-2024-49113 and includes information that IT and SOC professionals need to know to stay protected against possible exploitation.
Source: TRENDMICRO.COM

4 Jan: Critical Windows LDAP flaw could lead to crashed servers, RCE attacks
Researchers have published a proof-of-concept exploit for a pair of Windows Lightweight Directory Access Protocol (LDAP) flaws that could lead to server crashes or remote code execution (RCE) on Windows servers. “Active Directory Domain Controllers (DCs) are considered to be one …
Source: CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE (3)

4 Jan: Nuclei flaw bypasses template signature checks to execute commands
A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. [...]
Source: BLEEPINGCOMPUTER.COM

4 Jan: PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google's Managed Defense t…
Source: THEHACKERNEWS.COM

4 Jan: I Refuse to Let AI Take Over My Desktop!
They say it’s safe, encrypted, and local—but can you really trust an AI tool that takes constant screenshots of your screen? 🤔 Here's why I REFUSE to enable it no matter how hard they push! From "zero-day exploits" to privacy concerns, it’s time to rethink what "secure" really me…
Source: YOUTUBE.COM
🔥 INCIDENT REPORTING (2)

4 Jan: U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been …
Source: THEHACKERNEWS.COM

4 Jan: Hacked Wi-Fi from 5,000 Miles Away! 😱
Hackers couldn’t log in because of MFA, but that didn’t stop them. They found a shocking way to use stolen credentials from halfway across the world. The craziest part? They hacked their neighbor’s Wi-Fi to make it happen! Learn how they bypassed security measures without breakin…
Source: YOUTUBE.COM
🕵️ THREAT INTELLIGENCE (2)

4 Jan: It looks like the Raspberry Pi RP2350 Hacking Challenge has been beaten — Hacker gains access to the OTP secret by glitching the RISC-V cores to enable debugging
Submitted by BrikoX to cybersecurity | 88 points | 5 comments
https://www.tomshardware.com/raspberry-pi/it-looks-like-the-raspberry-pi-rp2350-hacking-challenge-has-been-beaten-hacker-gains-access-to-the-otp-secret-by-glitching-the-risc-v-cores-to-enable-debugging
Engineer Aedan Cul…
Source: SH.ITJUST.WORKS

4 Jan: Bad Tenable plugin updates take down Nessus agents worldwide
Submitted by kid to cybersecurity | 11 points | 1 comment
https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/
Source: SH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE (2)

4 Jan: New FireScam Android malware poses as RuStore app to steal data
A new Android malware named 'FireScam' is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimic RuStore, Russia's app market for mobile devices. [...]
Source: BLEEPINGCOMPUTER.COM

4 Jan: The Creepiest Advertising Tech Explained 😨
Forget everything you know about online ads! 😳 New tech is going beyond cookies and tracking your emotions instead. Eye movements, sweat, heart rate—nothing is off-limits! From galvanic skin responses to facial emotion detection, advertisers are finding ways to read your mind (an…
Source: YOUTUBE.COM
📡 INFOSEC NEWS (3)

4 Jan: Google Chrome is making it easier to share specific parts of long PDFs
Google is adding the Text Fragment feature to its PDF reader to make it easier to share specific parts of long PDFs. [...]
Source: BLEEPINGCOMPUTER.COM

4 Jan: Tenable CEO Amit Yoran dies
Longtime entrepreneur and cybersecurity executive Amit Yoran passed away Friday after a battle with cancer. Cybersecurity company Tenable, where Yoran was CEO and chairman, announced his death in a press release. Before becoming Tenable’s CEO in 2016, he held a number of roles in…
Source: TECHCRUNCH.COM

4 Jan: Is Your Device a Cybersecurity Time Bomb? 💣
Did you know your devices might be ticking cybersecurity time bombs? 💣 Tech manufacturers often prioritize profits over your security, leaving vulnerabilities wide open. In this short, we reveal the hidden risks lurking in your gadgets and why "best practices" aren’t enough to ke…
Source: YOUTUBE.COM