08/68 Tuesday, January 7, 2025 A high-severity vulnerability has been discovered in Nuclei, an open-source vulnerability scanning tool, identified as CVE-2024-43405 with a CVSS score of 7.4. This vulnerability allows attackers to bypass signature verification and inject malicious code into templates. According to Wiz’s security team, the issue arises from differences in newline character handling […]
07/68 Tuesday, January 7, 2025 Cybersecurity company ESET has advised Windows 10 users to upgrade to Windows 11 immediately or switch to another operating system before security support ends on October 14, 2025, to avoid serious cybersecurity risks. Thorsten Urbanski, an expert from ESET, stated, “We recommend that all users transition to Windows 11 as […]
06/68 Monday, January 6, 2025 The Android malware FireScam has been discovered masquerading as a Telegram Premium app and spreading through a phishing website hosted on GitHub that mimics the appearance of RuStore, a Russian app marketplace. RuStore was launched in 2022 as an alternative to Google Play and the App Store following tech sanctions […]
05/68 Monday, January 6, 2025 The US Department of the Treasury has imposed sanctions on Integrity Tech, a Beijing-based cybersecurity company, after identifying its involvement in cyberattacks linked to the hacker group Flax Typhoon, which is allegedly backed by the Chinese government. The Office of Foreign Assets Control (OFAC) stated that Integrity Tech was used […]
04/68 Friday, January 3, 2025 Lumen has reported that it successfully blocked the Salt Typhoon hacker group, linked to China, from accessing its network, confirming that no customer data was accessed or leaked. Salt Typhoon, also known as FamousSparrow and GhostEmperor, has been active since 2019, targeting government agencies and global telecommunications companies. Most recently, […]
03/68 Friday, January 3, 2025 The role of AI is becoming a critical focus for organizations worldwide in 2025. Analysts believe that the use of Generative Artificial Intelligence (GenAI) and Large Language Models (LLMs) will significantly enhance productivity and efficiency. However, these advancements also introduce new challenges in terms of security, privacy, and governance. The […]
02/68 Thursday, January 2, 2025 The U.S. Department of the Treasury, under the Office of Foreign Assets Control (OFAC), has sanctioned organizations in Iran and Russia for attempting to interfere in the 2024 U.S. presidential election. The Iranian organization, the Cognitive Design and Planning Center (CDPC), operates under the Islamic Revolutionary Guard Corps (IRGC) and […]
01/68 Thursday, January 2, 2025 The U.S. Department of Justice (DoJ) has announced the final rule for implementing Executive Order (EO) 14117, aimed at regulating the mass transfer of personal data to countries considered potential threats, such as China, Cuba, Iran, North Korea, Russia, and Venezuela. This new rule stems from President Joe Biden’s executive […]
461/67 Friday, December 27, 2024 The Apache Software Foundation (ASF) has released a security update to address a critical vulnerability in Apache Traffic Control that could allow malicious actors to execute harmful SQL commands on the database. Identified as CVE-2024-45387, the vulnerability has been assigned a CVSS score of 9.9 out of 10.0. It affects […]
460/67 Friday, December 27, 2024 Cybersecurity researchers from Claroty have uncovered critical vulnerabilities in the cloud platform and networking devices of Ruijie Networks, potentially allowing attackers to gain control over more than 50,000 networking devices worldwide. Additionally, new flaws have been identified in the MIB3 infotainment system used in Skoda vehicles, enabling attackers to eavesdrop, […]
