13/68 Friday, January 10, 2025 Ivanti, a provider of cybersecurity solutions, has disclosed the exploitation of a zero-day vulnerability identified as CVE-2025-0282 in its Ivanti Connect Secure product. This vulnerability allows hackers to execute remote code and install malware on affected systems. CVE-2025-0282 is classified as a critical buffer overflow vulnerability with a severity score […]
12/68 Thursday, January 9, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities in Oracle WebLogic Server and Mitel MiCollab to its Known Exploited Vulnerabilities (KEV) catalog after these vulnerabilities were found to be actively exploited in real-world attacks. The Oracle WebLogic Server vulnerability, identified as CVE-2020-2883, has a CVSS score of […]
11/68 Thursday, January 9, 2025 Cybercriminals are increasingly leveraging artificial intelligence (AI) to craft sophisticated and convincing phishing emails that are difficult to detect. This has resulted in a significant rise in successful attacks. According to Egress, an email security service provider, 71% of AI-generated phishing emails can bypass email filtering and security systems, putting […]
10/68 Wednesday, January 8, 2025 Tenable, the developer of the “Nessus” vulnerability scanning tool, has announced the deactivation of Nessus Scanner Agent versions 10.8.0 and 10.8.1 after discovering that “differential” plugin updates caused the agents to go offline on some systems. As a precaution, the company has temporarily halted plugin updates while investigating and addressing […]
09/68 Wednesday, January 8, 2025 Kaspersky security researchers have disclosed details about EagerBee, a backdoor malware developed to enhance its stealth capabilities and post-infection operations. This malware has been used to attack key organizations in Middle Eastern countries, with attackers targeting Internet Service Providers (ISPs) and government agencies. EagerBee demonstrates advanced technological capabilities by operating […]
08/68 Tuesday, January 7, 2025 A high-severity vulnerability has been discovered in Nuclei, an open-source vulnerability scanning tool, identified as CVE-2024-43405 with a CVSS score of 7.4. This vulnerability allows attackers to bypass signature verification and inject malicious code into templates. According to Wiz’s security team, the issue arises from differences in newline character handling […]
07/68 Tuesday, January 7, 2025 Cybersecurity company ESET has advised Windows 10 users to upgrade to Windows 11 immediately or switch to another operating system before security support ends on October 14, 2025, to avoid serious cybersecurity risks. Thorsten Urbanski, an expert from ESET, stated, “We recommend that all users transition to Windows 11 as […]
06/68 Monday, January 6, 2025 The Android malware FireScam has been discovered masquerading as a Telegram Premium app and spreading through a phishing website hosted on GitHub that mimics the appearance of RuStore, a Russian app marketplace. RuStore was launched in 2022 as an alternative to Google Play and the App Store following tech sanctions […]
05/68 Monday, January 6, 2025 The US Department of the Treasury has imposed sanctions on Integrity Tech, a Beijing-based cybersecurity company, after identifying its involvement in cyberattacks linked to the hacker group Flax Typhoon, which is allegedly backed by the Chinese government. The Office of Foreign Assets Control (OFAC) stated that Integrity Tech was used […]
04/68 Friday, January 3, 2025 Lumen has reported that it successfully blocked the Salt Typhoon hacker group, linked to China, from accessing its network, confirming that no customer data was accessed or leaked. Salt Typhoon, also known as FamousSparrow and GhostEmperor, has been active since 2019, targeting government agencies and global telecommunications companies. Most recently, […]
