Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,

The Hacker News
#vulnerability#web#cisco#js#git#java#backdoor#rce#The Hacker News
Normalizing Security Culture: Don’t Have to Get Ready If You Stay Ready

Prioritizing security as a critical element to an organization’s effectiveness and success will reduce the risk of incidents, while benefiting the whole team and the organization’s reputation.

Cyberattackers Use HR Targets to Lay More_Eggs Backdoor

The FIN6 group is the likely culprit behind a spear-phishing campaign that demonstrates a shift in tactics, from targeting job seekers to going after those who hire.

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi,

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher

Are hardware supply chain attacks “cyber attacks?”

It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.

Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam

Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email.

GenAI Writes Malicious Code to Spread AsyncRAT

Researchers have uncovered one of the first examples of threat actors using artificial intelligence chatbots for malware creation, in a phishing attack spreading the open source remote access Trojan.