A deceptive proof-of-concept exploit for CVE-2024-49113, known as “LDAPNightmare,” on GitHub spreads infostealer malware that steals sensitive data and sends it to an external FTP server. Trend Micro discovered a case where hackers trick users into infecting themselves with malware. Trend Micro reports a malicious GitHub repository that seems to …

In a sophisticated phishing campaign, uncovered cybercriminals are exploiting CrowdStrike’s recruitment branding to target developers and deploy the XMRig cryptominer. This scam uses fake job offers to trick victims into downloading harmful software disguised as an “employee CRM application.” The attack starts with a phishing email pretending to be from …

In October 2024, security researcher Ben Sadeghipour discovered a vulnerability in Facebook’s ad platform that allowed him to run commands on its internal server, giving him control over it. After Sadeghipour reported the vulnerability to Meta, Facebook’s parent company, it was fixed within an hour, and he received a $100,000 …

In 2025, malware attacks will persist. To prepare, organizations should familiarize themselves with common malware families. Here are five to focus on now. LockBit: LockBit is a major ransomware targeting Windows devices and is a significant threat in Ransomware-as-a-Service (RaaS) attacks. Its decentralized structure has allowed it to infiltrate high-profile …

Palo Alto Networks released a security advisory about vulnerabilities in its Expedition migration tool that could expose sensitive data and enable unauthorized actions on affected systems. Expedition, formerly the Migration Tool, is a free tool that helps users migrate to the Palo Alto Networks NGFW platform and provides a temporary …

Launched in July 2023, the new US Cyber Trust Mark allows smart devices from participating vendors to showcase their cyber resilience through the prominent display of the Cyber Trust Mark logo. “Americans have many ‘smart’ wireless interconnected devices in their homes, from baby monitors to home security cameras to voice-activated …

CISA has urgent warnings for organizations regarding three security flaws in Mitel and Oracle systems that are currently being exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog and pose major risks to federal agencies and businesses. Two vulnerabilities impact Mitel MiCollab, a widely used unified communications …

Cybersecurity professionals serve as the first line of defense against hackers, hacktivists, and ransomware groups. To combat these cyber threats, there is an ever-growing need for skilled individuals who can effectively identify and mitigate cyber risks. As we enter 2025, both aspiring cybersecurity experts and seasoned professionals must stay informed …

Over 48,000 SonicWall devices are still vulnerable to a serious security flaw, putting organizations worldwide at risk of ransomware attacks. The CVE-2024-40766 vulnerability was disclosed in September 2024 and is actively exploited by ransomware groups Akira and Fog. CVE-2024-40766 is a serious access control vulnerability in SonicWall’s SonicOS, used in …

On Friday, the Indian government released the draft Digital Personal Data Protection Rules, requiring social media and online platforms to obtain verifiable consent from parents before children can create accounts. Parents must validate their identity and age using voluntary identity proof issued by a recognized legal entity or the government, …