Forbes reports: When you think of cybercriminal actors watching you, maybe phishing threats such as Hello Pervert, where the attacker claims to know where you live and has proof to back it up, spring to mind. Or how about the ransomware gang that has been found to install employee monitoring software to watch victims at work? Recent reports […]
All it took was knowing the license plate, and millions of KIA cars could be hacked in a matter of seconds. Unión Rayo reports that ethical researchers Sam Curry and Neiko Rivera found the vulnerability. It all starts with the portal Kia offers so users can connect their smartphones to the car. From there, they […]
The Daily Hodl reports: A car rental giant says sensitive customer data has been exposed in a cybersecurity incident involving one of its vendors. In a notice posted on its website, Hertz says that its vendor, Cleo Communications US, witnessed a zero-day vulnerability exploit late last year that enabled thieves to siphon customer data. Notifications on various […]
UC Today reports: Read more at UC Today.
Alert Code: ICSMA-25-100-01 Read more at CISA.
The Record reports: Another vulnerability impacting firewall products from Ivanti is being exploited by alleged China-based hackers. An Ivanti advisory released on Thursday confirmed that a “limited number of customers” have been attacked through a bug impacting its Connect Secure, Policy Secure & ZTA Gateways tools — which are used by large organizations and government clients to […]
TechCrunch reports: U.S. cybersecurity giant Palo Alto Networks has warned that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks. Attackers are exploiting a recently disclosed vulnerability in PAN-OS, the operating system that runs Palo Alto Networks firewalls, the California-based company confirmed on Tuesday. Cybersecurity firm Assetnote first discovered the vulnerability, […]
GBHackers reports that researchers have uncovered malware targeting WordPress websites, leveraging hidden backdoors to enable remote code execution (RCE): One notable case involved attackers embedding malicious scripts within the Must-Use Plugins (mu-plugins) directory, a special WordPress folder that automatically loads plugins on every page load without requiring activation. By placing obfuscated PHP code in this directory, attackers […]
Security Affairs reports: China-linked APT group Salt Typhoon is still targeting telecommunications providers worldwide, and according to a new report published by Recorded Future’s Insikt Group, the threat actors has breached more U.S. telecommunications providers by exploiting unpatched Cisco IOS XE network devices. Insikt Group researchers reported that the Chinese hacked have exploited two Cisco flaws, tracked […]
Everything old is exploitable again? DarkReading reports: Abandoned cloud storage buckets present a major, but largely overlooked, threat to Internet security, new research has shown. The risks arise when bad actors discover and re-register these neglected digital repositories under their original name, and then use them to deliver malware or carry out other malicious actions […]
