unveiled

  • Google has officially launched Vanir, a groundbreaking open-source security patch validation tool designed to enhance the efficiency and accuracy of patch management.

  • A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and followed up by releasing a proof-of-concept (PoC) exploit that chains together this zero-day file read vulnerability with CVE-2024-41713, which allows attackers to bypass authentication.

  • The digital world is evolving at breakneck speed. In 2025, we’re set to witness transformative changes in cybersecurity that will redefine trust, security, and how we navigate our digital lives.

  • MalBot, December 3, 2024, 1:01pm: Technology integration bolsters cloud detection and response to stop attackers and stay secure.

  • Riyadh, (APP – UrduPoint / Pakistan Point News – 29th Nov, 2024) By its third day, the Black Hat Middle East and Africa (MEA) 2024 cybersecurity event in Malham, north of Riyadh, had witnessed the launch of several important cybersecurity initiatives and solutions, including a strategic SAR50-million investment from IMPACT46.

  • Microsoft Threat Intelligence analysts have shared new insights into North Korean and Chinese threat actors. At the recent CYBERWARCON, cybersecurity analysts shared details on the rise of attacks, the evolution of threat actor tactics, and the strategies employed by various state-backed groups.

  • The State of API Exposure 2024 report from the Escape team has unveiled a staggering number of exposed and vulnerable APIs within some of the world’s largest organizations. This comprehensive analysis sheds light on the critical security lapses plaguing Fortune 1000 companies, with implications that stretch across industries from finance to healthcare.

  • Raspberry Robin, also known as Roshtyak, stands out as a highly advanced malicious downloader. Discovered in 2021, it has gained notoriety for its use of infected USB drives and sophisticated techniques, posing a significant challenge to researchers and organizations alike. Zscaler ThreatLabz recently published an in-depth analysis revealing the malware’s multi-layered execution, advanced obfuscation, and…

  • Are you browsing on Chrome, Firefox, Brave, or Edge? It might feel safe, but what if I told you that everything you do on those browsers — passwords, credit card details, and sensitive data — could be stolen by a ‘local attacker’? Sounds a bit anticlimactic,…

  • TAG-112 may be a subgroup of Chinese advanced persistent threat group Evasive Panda, also known as TAG-102 and StormBamboo, due to significant similarities in attack tactics, techniques, and procedures, an analysis from Recorded Future’s Insikt Group revealed.

  • The FBI, Cybersecurity and Infrastructure Security Agency, and the Australian Cyber Security Centre have partnered to establish new guidelines urging software manufacturers and cloud-based services to create secure software deployment processes that would help ensure the safety and reliability of their products, according to SecurityWeek.

  • Quick Heal’s SEQRITE Labs has recently uncovered a significant cyber-espionage campaign dubbed Operation Cobalt Whisper, targeting sensitive industries in Pakistan and Hong Kong. The operation, attributed to a yet unidentified Advanced Persistent Threat (APT) group, reveals a sophisticated approach to compromising defense, research, and technical sectors in South Asia through a well-orchestrated series of attacks.

  • MalBot, October 17, 2024, 6:05am: Europol coordinated the European dimension of the investigation, working closely with law enforcement agencies across Europe to identify victims and suspects, ensuring swift action in multiple jurisdictions. Victims of the attacks include sensitive government and critical infrastructure targets around the world, including the U.S. Department of Justice, the U.S. Department…

  • 1win Nigeria Website: A Full Spectrum Online Betting Review 1win Nigeria is a rapidly emerging betting platform that has garnered attention for its modern design and user-centric features. Designed to cater to a global audience, 1win offers a seamless betting experience encompassing a wide range of sports, casino games, and other betting markets.

  • Security researchers have discovered a sophisticated strain of malware targeting Linux servers dubbed Perfctl. Its dual purpose is mining cryptocurrency and proxyjacking.

  • Gen Threat Labs has issued an alert about a newly discovered rootkit named Snapekit, which poses a significant threat to Arch Linux systems running kernel version 6.10.2-arch1-1 x86_64. This sophisticated malware hooks into 21 system calls, hides its payload effectively, and evades detection by operating in user space while cleverly dodging analysis tools and debuggers.

  • Critical infrastructure organizations have been urged to adhere to the six principles of operational technology environment security, including paramount safety, business knowledge, OT data value and protection, OT segmentation, secure supply chains, and the significance of personnel in OT cybersecurity under new joint guidelines by the U.S. and its allies, including Canada, Australia, Germany, Japan, and the…

  • Security researcher Zach Hanley from Horizon3.ai published the technical details and a proof-of-concept (PoC) exploit code for a critical hardcoded credential vulnerability, CVE-2024-28987, in the popular SolarWinds Web Help Desk (WHD) software. This vulnerability, which received a CVSS score of 9.1, has significant implications for organizations using the WHD platform, especially those handling sensitive IT…

  • Unit 42 has revealed a new variant of the notorious RomCom malware family, known as “SnipBot.” This sophisticated malware, first discovered in early 2024, is designed to infiltrate enterprise networks, execute remote commands, and download additional malicious payloads. SnipBot represents the latest iteration of RomCom, incorporating novel code obfuscation techniques and advanced anti-detection strategies. It…

  • Hey folks, it’s Mohamed eletrepy aka Maverick! Welcome to my second blog post — it’s great to meet you again, and this time we’re diving into an awesome machine called Escape. This machine really stood out to me because it mirrors a more real-world scenario,…