Latest Cybersecurity News and Articles
07 January 2025
Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution.
The list of vulnerabilities is as follows -
CVE-2024-9138 (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain
06 January 2025
The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation.
"Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released Sunday.
"Citizens are empowered with rights to demand data erasure,
06 January 2025
Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner.
This week, we dive into the hidden risks, surprising loopholes, and the clever tricks
06 January 2025
In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout
06 January 2025
An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices.
"Disguised as a fake 'Telegram Premium' app, it is distributed through a GitHub.io-hosted phishing site that impersonates RuStore – a popular app store in the Russian Federation,"
06 January 2025
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems.
"By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics,
04 January 2025
A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code.
Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0.
"The
04 January 2025
Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution.
The backdoor, according to Google's Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had its source
04 January 2025
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims.
These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or
03 January 2025
Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses.
The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and
03 January 2025
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition.
The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (
03 January 2025
Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure.
"We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program
03 January 2025
Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant.
The development was first reported by Reuters.
The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the
02 January 2025
Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure.
The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML
02 January 2025
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS
02 January 2025
Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems.
The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user
02 January 2025
German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia.
The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.
01 January 2025
Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites.
The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo.
"Instead of relying on a single click, it takes advantage of a double-click sequence," Yibelo said.
01 January 2025
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election.
The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence
31 December 2024
The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela.
"This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our