Attackers are pretending to be Ukraine’s Computer Emergency Response Team (CERT-UA) using AnyDesk to access target computers. “Unidentified individuals are sending connection requests via AnyDesk under the pretext of conducting a ‘security audit to verify the level of protection,’ using the name ‘CERT.UA,’ the CERT-UA logo, and the AnyDesk ID …

Oracle Critical Patch Update Pre-Release Announcement shares details about the upcoming update scheduled for January 21, 2025. Note that this information may change before the official advisory is released. A Critical Patch Update contains patches for various security vulnerabilities. This update includes 320 new patches, some of which affect multiple …

OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the most critical vulnerabilities and provides developers and security professionals with a roadmap to reduce risks in decentralized systems. The OWASP Smart Contract Top 10 lists the most common vulnerabilities in …

Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out DNS rebinding attacks. Binary Security found serious security risks in a widely used development platform during a client engagement. The first vulnerability in Azure DevOps’ ‘endpointproxy’ feature enables Server-Side Request …

Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the Department of Applied Chemistry and Chemical Engineering at Dhaka University, with 9 at its headquarters. Their presence is due not only to individual skills and hard work but also to the department’s robust curriculum, research …

vpnMentor’s Research Team is monitoring the potential TikTok ban in the U.S., driven by national security and data privacy issues. ByteDance, TikTok’s Chinese parent company, is under pressure to sell its U.S. operations by January 19, 2025, or face a ban due to concerns about user data security and possible …

MITRE launched D3FENDTM 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded by the NSA and the U.S. Department of Defense, offers a flexible and user-friendly framework for cybersecurity operations and strategic decision-making. D3FEND was initially released as a beta in June …

Amazon Web Services (AWS) has recently fixed two major security vulnerabilities in its cloud services: Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV (Desktop Cloud Visualization). Vulnerabilities CVE-2025-0500 and CVE-2025-0501 could let attackers conduct man-in-the-middle attacks and access remote sessions without permission. CVE-2025-0500 impacts certain versions of Amazon WorkSpaces native …

Last year saw a significant rise in cyber threats, with malware becoming more advanced and attack strategies more sophisticated. A report by ANY.RUN, an interactive malware analysis platform, noted that 2024 experienced the highest levels of complex malware threats in the global cybersecurity landscape. Surge in Malware Activity: In 2024, …

A recent Infoblox Threat Intel report reveals a sophisticated botnet that exploits DNS misconfigurations to spread malware widely. This botnet, made up of about 13,000 compromised MikroTik devices, uses fake sender domains and malicious emails to deliver trojan malware and engage in other harmful activities. According to the report, “This …