Cybersecurity researchers have identified multiple security flaws in popular machine learning toolkits, which could lead to server hijacks and privilege escalation. These vulnerabilities were found in 15 different open-source projects. Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the…

Read More

HPE has issued critical security patches for vulnerabilities in Aruba Access Point products, including two bugs that could allow unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10. Users should update their devices to the latest software versions to protect against these vulnerabilities. Hewlett Packard Enterprise (HPE) has released security updates…

Read More

A new phishing campaign has been found spreading a fileless version of the Remcos RAT malware, which allows cybercriminals to remotely control computers. Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT “provides purchases with a wide range of advanced features…

Read More

The founder of Bitcoin Fog has been sentenced to 12 years for cryptocurrency money laundering. Roman Sterlingov pleaded guilty to charges earlier this year. The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov,…

Read More

The US Cybersecurity and Infrastructure Security Agency has added a critical security flaw in Palo Alto Networks Expedition to its list of known exploited vulnerabilities, indicating active exploitation of the vulnerability. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known…

Read More

A group associated with North Korea has been targeting cryptocurrency firms using malware that infects Apple macOS devices. The campaign is called Hidden Risk and is believed to be linked to BlueNoroff, known for previous malware attacks. A threat actor with ties to the Democratic People’s Republic of Korea (DPRK) has been observed targeting cryptocurrency-related…

Read More

This text emphasizes the importance of understanding hackers’ tactics and vulnerabilities in order to enhance an organization’s security defenses. It suggests that by thinking like a hacker and anticipating their moves, one can build a stronger defense against potential breaches. Defending your organization’s security is like fortifying a castle—you need to understand where attackers will…

Read More

In 2024, the five most common malware techniques identified in the ANY.RUN Q3 report include disabling of Windows Event Logging. Tactics, techniques, and procedures (TTPs) form the foundation of modern defense strategies. Unlike indicators of compromise (IOCs), TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of…

Read More

A phishing campaign called CopyRh(ight)adamantys has been targeting victims since July 2024 by using copyright infringement themes to trick them into downloading a newer version of the Rhadamanthys information stealer. This campaign has been tracked by cybersecurity firm Check Point and is targeting regions such as the United States, Europe, East Asia, and South America.…

Read More

The China-aligned hacking group MirrorFace has targeted a diplomatic organization in the European Union, using the upcoming World Expo in 2025 as bait. This marks the first time MirrorFace has targeted an entity in the region. The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking…

Read More