Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

China-Backed APT Group Culling Thai Government Data

CeranaKeeper is bombarding Southeast Asia with data exfiltration attacks via file-sharing services such as Pastebin, OneDrive, and GitHub, researchers say.

DARKReading
Open in Source
#git#backdoor#acer
Shadow AI, Data Exposure Plague Workplace Chatbot Use

Productivity has a downside: A shocking number of employees share sensitive or proprietary data with the generational AI platforms they use, without letting their bosses know.

GHSA-h4h5-9833-v2p4: Rancher agents can be hijacked by taking over the Rancher Server URL

### Impact A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. SUSE is unaware of any successful exploitation of this vulnerability, which has a high complexity bar. Please consult the associated [MITRE ATT&CK - Technique - Adversary-in-the-Middle](https://attack.mitre.org/techniques/T1557/) for further information about this attack category. ### Patches A new setting, [`agent-tls-mode`](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-references/tls-settings), was added, which allows users to specify if agents will use `strict` certificate verification when connecting to Rancher. The field can be set to `strict` (which requires the agent to ver...

Dell Hit by Third Data Leak in a Week Amid “grep” Cyberattacks

Dell faces its third data leak in a week as hacker “grep” continues targeting the tech giant. Sensitive…

ABB Cylon Aspect 3.07.00 Remote Code Execution

The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by networkDiagAjax.php script.

Hacker Claims “Minor” Data Breach at DELL; Leaks Over 10,000 Employee Details

A hacker claims Dell suffered a “minor” breach, exposing over 10,000 employee records. The incident raises cybersecurity concerns…

Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it’s not just data at risk — it’s the care of patients who depend on life-saving treatments. Imagine an attack that forces emergency care to halt, surgeries

QR Phishing Scams Gain Motorized Momentum in UK

Criminal actors are finding their niche in utilizing QR phishing codes, otherwise known as "quishing," to victimize unsuspecting tourists in Europe and beyond.