#intel

By Waqas Cado Security Labs' 2023 Cloud Threat Findings Report dives deep into the world of cybercrime, cyberattacks, and vulnerabilities. This is a post from HackRead.com Read the original post: SSH Remains Most Targeted Service in Cado’s Cloud Threat Report

A Russa-nexus adversary has been linked to 94 new domains, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity firm Recorded Future linked the new infrastructure to a threat actor it tracks under the name BlueCharlie, a hacking crew that's broadly known by the names Blue Callisto, Callisto (or Calisto),

In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted a large number of threat actors driven by

The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

By Habiba Rashid In its recent attack campaign, SpyNote Spyware is sending victims fake SMS messages urging them to install a new certified banking app. This is a post from HackRead.com Read the original post: SpyNote Spyware Returns with SMS Phishing Against Banking Customers

WordPress Stripe Payment Plugin for WooCommerce plugin versions 3.7.7 and below suffer from an authentication bypass vulnerability.

By Deeba Ahmed Industrial organizations in Eastern Europe are the prime targets of this data-harvesting campaign. This is a post from HackRead.com Read the original post: Chinese APT Group Hits Air-Gapped Systems in Europe with Malware

By Waqas The Israeli security agency Shin Bet claims to have thwarted a LinkedIn phishing scam carried out by Iranian hackers. This is a post from HackRead.com Read the original post: Iranian Hackers Posed as Israelis in Targeted LinkedIn Phishing Attack

Researchers found a simple way to make ChatGPT, Bard, and other chatbots misbehave, proving that AI is hard to tame.