Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

reNgine 2.2.0 Command Injection

reNgine version 2.2.0 suffers from an authenticated command injection vulnerability.

Packet Storm
Open in Source
#vulnerability#mac#git#auth
What Communications Companies Need to Know Before Q-Day

NIST standardized three algorithms for post-quantum cryptography. What does that mean for the information and communications technology (ICT) industry?

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima,

License Plate Readers Are Creating a US-Wide Database of More Than Just Cars

From Trump campaign signs to Planned Parenthood bumper stickers, license plate readers around the US are creating searchable databases that reveal Americans’ political leanings and more.

AI 'Nude Photo Generator' Delivers Infostealers Instead of Images

The FIN7 group is mounting a sophisticated malware campaign that spans numerous websites, to lure people with a deepfake tool promising to create nudes out of photos.

4 Ways to Fight AI-Based Fraud

Generative AI is being used to make cyberscams more believable. Here's how organizations can counter that using newly emerging tools and reliable methods.

Unix Printing Vulnerabilities Enable Easy DDoS Attacks

All an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs.

Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The