Security
Headlines
HeadlinesLatestCVEs

Tag

#backdoor

Name That Toon: Incentives

Feeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

DARKReading
#backdoor#auth
US Ban on Automotive Components Could Curb Supply Chain

The US Department of Commerce will prohibit the import of components for connected vehicles from China or Russia, as the US continues to ban technology it sees as potential national security threats.

Russian APT Phishes Kazakh Gov't for Strategic Intel

A highly targeted cyber-intelligence campaign adds fuel to the increasingly complex relationship between the two former Soviet states.

Trusted Apps Sneak a Bug Into the UEFI Boot Process

Seven system recovery programs contained what amounted to a backdoor for injecting any untrusted file into the system startup process.

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named

OWASP's New LLM Top 10 Shows Emerging AI Threats

Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk of both AI and human error.

Hackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix Controllers

A critical vulnerability (CVE-2024-50603) in the Aviatrix Controller allows unauthenticated RCE. Active exploitation observed by Wiz Research in…

Malicious Kong Ingress Controller Image Found on DockerHub

A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account…

Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw

The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.

The Shifting Landscape of Open Source Security

By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security.