Researchers investigated the "perfctl malware," a Linux malware targeting misconfigurations and vulnerabilities on Linux servers. Perfctl employs rootkits, privilege escalation exploits, and...
In September 2024, threat actors conducted a campaign exploiting exposed AWS access keys to hijack AWS Bedrock services for operating illicit AI-powered roleplay chatbots. The attackers leverage...
Nuclear waste dump in Cumbria pleaded guilty to leaving data that could threaten national security exposed for four years, says regulator. Sellafield will have to pay almost £400,000 after it...
ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia
Bedrock protocol is a liquid staking protocol for various assets, one of which is Bitcoin. The Dedaub team discovered an issue in the protocol, then messaged the developers on Twitter about it....
Two years ago, Sam Curry and friends released one of the most banger blog posts ever - hacking every car company. After some time, they decided to come back to see if things had changed. This...
Building efficient recovery options will drive ecosystem resilience
On September 22nd, a new PyPI user orchestrated a wide-ranging attack by uploading multiple packages within a short timeframe. These packages, bearing names like “AtomicDecoderss,”...
CERT Polska has recently observed new samples of the “Joker” mobile malware. The applications are present in the Google Play Store and target Polish users, among others.
Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices
In case you missed it, hackers have been utilizing a new technique to infect victims with infostealers: a fake Captcha page prompts the victim to paste a PowerShell...
October 1, 2024. According to detection statistics collected by Dr.Web Security Space for mobile devices, Android.FakeApp trojan apps, used by threat actors in various fraudulent schemes, were the...
October 1, 2024. According to the detection statistics collected by the Dr.Web antivirus, the total number of threats detected in the third quarter of 2024 was up 10.81% over the previous quarter....
A Resource Injection vulnerability (CVE-2024-6051) has been found in Vercom S.A. Redlink SDK.
Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat...
On June 5, 2024, SolarWinds released an advisory regarding a path-traversal vulnerability in their “secure” file-transfer product, Serv-U. I wrote about it here back in mid-June when it was fairly...
On 2024-09-30, an incident was reported involving an unknown actor gaining initial access via a 0-day vulnerability in ScienceLogic SL1 to achieve data exfiltration.
Detect and mitigate CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177 vulnerabilities impacting CUPS and IPP packages.
By focusing on its strengths and pooling information, the west can disrupt Russia’s war machine – but there’s no time to lose. Russia is a “mafia state” trying to expand into a “mafia empire”, the...
ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years
Elastic Security Labs uncovered a Linux malware campaign that began in March 2024, targeting vulnerable servers via an Apache2 web server exploit. The attackers gained access and deployed a...
The Common Unix Printing System (CUPS) is installed on most Linux distros by default. When setting up a new laptop, the author of this post found that port 631 was open on 0.0.0.0 that was...
In cryptography, a nonce (number used only once) is an important part of any encryption or signature algorithm. It's a big deal to not reuse nonces in cryptography, but they are allowed to be public...
Fuel Network is an Ethereum L2 with a custom language, bridge and VM. The contest had a reward pool of $1M. Some big-time vulnerabilities were found in it, which are explained in the article. In...
BananaGun is a Telegram trading bot for Ethereum and Solana. From reading the documentation, the bot can be configured by the user to perform various actions automatically or directly from the...
Critical severity vulnerability CVE-2024-0132 affecting NVIDIA Container Toolkit and GPU Operator presents high risk to AI workloads and environments.
ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused on Ukraine
In the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. Compared to the second quarter of...
Insikt Group’s analysis of Rhadamanthys Stealer v0.7.0 reveals its growing capabilities, including AI-powered seed phrase extraction and MSI installer evasion tactics.