37/68 Tuesday, January 28, 2025 Cybersecurity experts have issued a warning about the spreading MintsLoader malware campaign, which targets organizations in the energy, oil and gas, and legal sectors across the United States and Europe. MintsLoader is designed to deploy secondary malware, such as StealC, a data-stealing tool, and BOINC, an open-source computing platform that […]
36/68 Monday, January 27, 2025 A vulnerability in the Subaru Starlink system has put vehicles and customer accounts in the U.S. and Canada at risk of remote attacks. Cybersecurity researchers Sam Curry and Shubham Shah discovered the flaw, which allows attackers with basic information such as a name, email, or license plate to take control […]
35/68 Monday, January 27, 2025 Microsoft has issued a notice to Windows system administrators that it will discontinue driver synchronization through the Windows Server Update Services (WSUS) on April 18, 2025, 90 days from now. Drivers will still be available for download via the Microsoft Update Catalog but can no longer be imported into WSUS. […]
34/68 Friday, January 24, 2025 A vulnerability has been discovered in the file management software 7-Zip, identified as CVE-2025-0411, which allows attackers to bypass the Mark of the Web (MotW) security feature in Windows. MotW is a Windows security mechanism that tags files downloaded from untrusted sources, such as the internet, to mitigate potential security […]
33/68 Friday, January 24, 2025 Cloudflare revealed on Tuesday that it successfully detected and blocked a distributed denial-of-service (DDoS) attack reaching speeds of up to 5.6 terabits per second (Tbps), marking the largest attack ever recorded. This attack occurred on October 29, 2024, targeting an Internet Service Provider (ISP) in East Asia. The assault utilized […]
32/68 Thursday, January 23, 2025 Ukraine’s Computer Emergency Response Team (CERT-UA) has issued a warning about malicious actors impersonating CERT-UA to send fake AnyDesk connection requests. These requests falsely claim to be for cybersecurity inspections. The attackers are using CERT-UA’s logo and fake AnyDesk IDs to deceive targets, employing social engineering techniques to build credibility. […]
30/68 Wednesday, January 22, 2025 Hewlett Packard Enterprise (HPE) is investigating claims made by IntelBroker, a hacker group that alleges it is selling stolen data and source code from the company. The data in question reportedly includes product source codes such as Zerto and ILO, SAP Hybris systems, digital certificates, Docker files, and legacy user […]
29/68 Wednesday, January 22, 2025 Cybersecurity researchers from CYFIRMA have uncovered new Android malware named Tanzeem and Tanzeem Update. The malware is linked to an Indian APT group known as the DoNot Team or APT-C-35, which primarily targets government organizations, military agencies, foreign ministries, and embassies in South Asian countries such as India, Pakistan, Sri […]
28/68 Tuesday, January 21, 2025 Kaspersky Reveals Over 10 Vulnerabilities in Mercedes-Benz User Experience (MBUX) System Kaspersky has disclosed details of more than 10 vulnerabilities in the Mercedes-Benz User Experience (MBUX) infotainment system. Some of these vulnerabilities could potentially be exploited for Denial of Service (DoS) attacks, data extraction, remote command execution, and privilege escalation. […]
27/68 Tuesday, January 21, 2025 A severe vulnerability has been identified in the widely-used WordPress plugin, W3 Total Cache, potentially allowing attackers to access sensitive internal service data and metadata on cloud applications. The vulnerability, designated as CVE-2024-12365, carries a CVSS severity score of 8.5. W3 Total Cache is a popular plugin for optimizing WordPress […]
