Blog
Hackers Email Stolen Student Data to Parents of Nevada School District
Parents have received emails from the threat actors, with leaked PDF documents containing student data, causing concerns about potential identity theft and phishing attacks.
Raven: Open-source CI/CD pipeline security scanner
Raven scans GitHub workflows, breaks them into components, and utilizes a knowledge base to identify vulnerabilities, making it easier for security teams to assess and address risks.
OT Cyberattacks Proliferating Despite Growing Cybersecurity Spend
The complexity of OT environments, the convergence of IT and OT, insider attacks, and supply chain vulnerabilities contribute to the lack of success in defending against these attacks.
Three New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes
The vulnerabilities, tracked as CVE-2022-4886, CVE-2023-5043, and CVE-2023-5044, include path sanitization bypass, annotation injection for arbitrary command execution, and code injection via the permanent-redirect annotation.
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes
Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows - CVE-2022-4886 (CVSS score:...
New Hunters International Ransomware Possible Rebrand of Hive
Though it shares strong similarities, Hunters International denies being the same group as Hive, claiming to have purchased the source code from them, and focuses on stealing data rather than encryption.
Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Maware
A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. "MSIX is a Windows app...
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany. "The...
CCleaner Says Hackers Stole Users’ Personal Data During MOVEit Mass-Hack
The hackers exploited a vulnerability in the MOVEit file transfer tool, used by CCleaner, to access sensitive data. The stolen information includes names, contact details, and product purchase information. Less than 2% of users were affected.
CCleaner Says Hackers Stole Users’ Personal Data During MOVEit Mass-Hack
The hackers exploited a vulnerability in the MOVEit file transfer tool, used by CCleaner, to access sensitive data. The stolen information includes names, contact details, and product purchase information. Less than 2% of users were affected.
FREE GUIDE