CISA and FBI Issue Alert on SQL Injection Vulnerabilities

SQL injection vulnerabilities, often abbreviated as SQLi, persist as a significant issue in commercial software products. In response to a recent highly publicized malicious campaign exploiting SQLi vulnerabilities in a managed file ...

CISA Warns of Volt Typhoon Risks to Critical Infrastructure

The recent joint warning issued by CISA, NSA, FBI, and other U.S. government and international partners highlights a critical cybersecurity threat: Volt Typhoon, a Chinese hacking group. This group has targeted critical ...

Multiple Puma Vulnerabilities Fixed in Ubuntu

Puma is a threaded HTTP 1.1 server used for running Ruby web applications. It facilitates communication between web browsers and Ruby applications, handling incoming requests and delivering responses. Recently, the Ubuntu security ...

New SSH-Snake Worm-Like Tool Threatens Network Security

The Sysdig Threat Research Team (TRT) discovered that a threat actor is leveraging an open-source network mapping tool called SSH-Snake for malicious activities. This tool utilizes SSH credentials found on the compromised ...

VMWare Urges Users to Uninstall EAP Immediately

VMware has issued a no-patch advisory urging users to take swift action by removing the deprecated Enhanced Authentication Plug-in (EAP). EAP was deprecated nearly three years ago, in March 2021, with the ...

SNS Sender Script Used for Bulk Smishing Attacks

A new threat has emerged in the form of a Python script called SNS Sender, which malicious actors are utilizing to send bulk smishing messages through Amazon Web Services (AWS) Simple Notification ...

Ivanti Pulse Secure Found Using End of Life CentOS 6 OS

Ivanti Pulse Secure VPN appliances have recently been a target of several sophisticated attacks, highlighting the ongoing challenges in safeguarding critical IT infrastructure like network devices. UNC5221, a nation-state group, exploited these ...

Roundcube Webmail Vulnerability Under Exploitation, Patch Now

Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube webmail vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2023-43770, this issue is a persistent cross-site scripting (XSS) ...

FritzFrog Botnet Strikes Back Exploiting Log4Shell Vulnerability

A new variant of the sophisticated botnet “FritzFrog” has emerged, leveraging the Log4Shell vulnerability for propagation. Despite more than two years passing since the Log4j flaw was discovered, attackers continue to exploit ...

Mitigate Ivanti Vulnerabilities: CISA Issues Emergency Directive

In recent times, the cybersecurity landscape has witnessed a surge in threats targeting Ivanti Connect Secure and Ivanti Policy Secure solutions. The Cybersecurity and Infrastructure Security Agency (CISA) has raised a red ...