Latest News

Game Freak’s “Teraleak” appears to expose nearly 1 terabyte of sensitive Pokémon data, including source code, cancelled games,…

Veeam B&R RCE vulnerability CVE-2024-40711 is exploited in attacks. On September 24, there were no signs of this vulnerability being exploited in the wild. And on October 10, Sophos X-Ops reported that they had observed a series of attacks exploiting this vulnerability over the course of a month. The attackers’ goal was to install Akira […]

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities

The ABB BMS/BAS controller uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.

Plus: New details emerge in the National Public Data breach, Discord gets blocked in Russia and Turkey over alleged illegal activity on the platform, and more.

Scammers in Southeast Asia are increasingly turning to AI, deepfakes, and dangerous malware in a way that makes their pig butchering operations even more convincing.

It's hard enough creating one air-gap-jumping tool. Researchers say the group GoldenJackal did it twice in five years.

The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S. Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own

pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Companies are putting "AI" in just about all of their products, which opens up new security holes. LLM SecOps and ML SecOps are becoming must-have skills.