Exploit

Cybersecurity Insights with Contrast CISO David Lindner | 04/25/25

Cybersecurity Insights with Contrast CISO David Lindner | 04/25/25

| | AI adoption, AI guidance, application detection and response, Exploit, exploitation, Malicious AI, Secure AI, Slopsquatting, Vulnerabilities
Insight No. 1 — Fast code, slow security? Think ADR Consider the scenario: Development teams are pushing code at unprecedented speeds, and vulnerabilities, whether human or AI-generated, are lingering far too long ...
AppSec Observer
Application Detection and Response Analysis: Why ADR? How ADR Works, and ADR Benefits

Application Detection and Response Analysis: Why ADR? How ADR Works, and ADR Benefits

| | cyberattacks, Cybersecurity, Exploit, threats, vulnerability, zero-day
Two highly respected technology analysts from different cybersecurity disciplines are coming together to recommend that companies consider Application Detection and Response. Organizations face a constant barrage of cyber threats, including zero-day vulnerabilities ...
AppSec Observer
Shocking SQL Injection in TSA App & Bitcoin ATM Scams Targeting Seniors

Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors

| | atm, Bitcoin, Bitcoin ATM, bug bounty, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Elderly, Episodes, Exploit, Hacking, Information Security, Infosec, Podcast, Podcasts, Privacy, scam, Scams, security, Security Research, Security Researcher, Senior Citizens, Seniors, sql injection, sqli, technology, tsa, vulnerability, Weekly Edition
This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclosure. Plus, we shed light on the alarming rise of ...
Shared Security Podcast
Facial Recognition Fail: How It Misidentified an Innocent Man

Critical SSH Vulnerability, Facial Recognition Flaws, How to Safely Dispose of Old Devices

| | arrest, Cyber Security, Cybersecurity, data, Data Privacy, Delete My Data, Detroit, Detroit Police, Digital Forensics, Digital Privacy, Episodes, Exploit, facial recognition, hard drive, HDD, Information Security, Infosec, Old Computer, Old PC, openssh, personal data, Podcast, Podcasts, Privacy, Qualys, RegreSSHion, Secure Wipe, security, SSH, technology, vulnerability, Weekly Edition, zero-day
In episode 337, we cover “broken” news about the new SSH vulnerability ‘regreSSHion‘ highlighting the vulnerability discovered in the OpenSSH protocol by Qualys and its implications. We then discuss the Detroit Police ...
Shared Security Podcast
Exploit creator selling 250+ reserved npm packages on Telegram

Exploit creator selling 250+ reserved npm packages on Telegram

| | Exploit, Malware Analysis, npm, Sonatype Repository Firewall, Vulnerabilities
Recently, the Sonatype Security Research team identified more than 250 npm packages which are lucrative and convincing exploits, because these are named exactly like the open source projects coming from Amazon Web ...
2024 Sonatype Blog

Google Pixel Firmware Zero-Day Flaw Exploited And Patched

| | CVE-2024-32896, Cybersecurity News, Exploit, Flaw Exploited, Google Pixel Firmware, new exploit
Google has recently issued a warning regarding a critical security flaw affecting Google Pixel Firmware, which has been actively exploited as a zero-day vulnerability. Identified as CVE-2024-32896, this high-severity issue involves an ...
TuxCare
Code 1

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

| | CVE 2024-4577, Exploit, imperva, Imperva Threat Research, reccomendations, Threat Research
Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, ...
Blog

GHOSTENGINE Exploit: Vulnerable Drivers Facing Attack

| | BYOVD, Command-and-Control (C2), Cryptojacking, Cyber Threats, Cybersecurity, Cybersecurity News, Elastic Security Labs, Endpoint Detection and Response (EDR), Exploit, GHOSTENGINE, Microsoft Defender Antivirus, persistence, PowerShell Script, security protocols, System Performance, vulnerability patching, Vulnerable drivers, XMRig miner
A recent revelation in the cybersecurity realm uncovers a concerning development dubbed GHOSTENGINE, a cryptojacking campaign employing a sophisticated method to bypass security measures. In this blog, we’ll look at the GHOSTENGINE ...
TuxCare

Gootloader Attacks Healthcare Down Under

| | AttackIQ Flex, cyberattack, Exploit, GootLoader, healthcare, social engineering
In the vast landscape of Australia, the healthcare sector faces mounting challenges in the realm of cybersecurity. Threat actors are increasingly setting their sights on healthcare institutions, exploiting vulnerabilities with cunning precision ...
AttackIQ

Response to ScreenConnect’s Recent Zero-day Vulnerability Exploitation

| | adversary emulation, Broad-Based Attacks, ConnectWise, Exploit, Ransomware, ScreenConnect, SlashAndGrab, zero-day
AttackIQ has released a new assessment template in response to the recent wave of zero-day vulnerability exploits affecting ConnectWise’s ScreenConnect software. This assessment template comprises the various Tactics, Techniques, and Procedures (TTPs) ...
AttackIQ
Load more