Friday , July 10 2026

Alert

ALERT
Hackers Using Supershell Malware Targeting Linux SSH Servers

LINUX

Researchers found an attack targeting poorly secured Linux SSH servers using Supershell, a backdoor written in Go that gives attackers remote control of affected systems. After the initial infection, attackers likely used scanners to find more vulnerable targets and launched dictionary attacks with credentials collected from the compromised systems. The …

Read More »

Chrome 129 Released Fix with multiple Security Flaws

CHROMIUM

Google has released Chrome 129 for Windows, Mac, and Linux users. The update will be available gradually over the next few days and weeks. The latest Chrome version (129.0.6668.58 for Linux, 129.0.6668.58/.59 for Windows and Mac) includes several improvements and important security fixes. This release focuses on security by fixing …

Read More »

CISA adds windows and whatsUp Gold vuls to its KEV

cisa

CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws, adding them to its Known Exploited Vulnerabilities catalog, and is urging swift action from federal agencies and global organizations. CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 8.8) Microsoft‘s MSHTML …

Read More »

Gov.t issues high alert on android devices

Android

Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert for android devices on September 11, 2024 highlighting the vulnerabilities that affect Android versions 12, 12L, 13, and 14. The advisory said, bad attacker could potentially exploit these vulnerabilities to gain access the sensitive information stored in the devices, even …

Read More »

CISA Issues Five Industrial Control Systems Advisories

ICS

CISA issues five advisories about Industrial Control Systems (ICS) on August 22, 2024. These advisories give important information about security issues, weaknesses, and threats related to ICS. ICSA-24-235-01 Rockwell Automation Emulate3D ICSA-24-235-02 Rockwell Automation 5015 – AENFTXT ICSA-24-235-03 MOBOTIX P3 and Mx6 Cameras ICSA-24-235-04 Avtec Outpost 0810 ICSA-20-282-02 Mitsubishi Electric …

Read More »

(CVE-2024-7569 and CVE-2024-7570)
Ivanti flags Critical Fixes for ITSM Vulnerabilities

ivanti

Ivanti issued a security advisory about two important vulnerabilities in its Neurons for IT Service Management (ITSM) platform. Customers using the on-premise version should act quickly. The vulnerabilities (CVE-2024-7569 and CVE-2024-7570) affect Ivanti Neurons for ITSM versions 2023.4 and older, putting them at risk of unauthorized data access and system …

Read More »

DATA CENTER ALERT: AMD Patches Security Flaws in EPYC Processors

ryzen

AMD has released a security bulletin about three possible vulnerabilities in its Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) technology. A researcher found vulnerabilities that could let a malicious hypervisor controlled by the host system access or modify the memory of a guest VM. This poses big risks to …

Read More »

CISA Warns Hacker Use OS Command Injection Vulnerabilities to Compromise Systems

CISA

OS command injection vulnerabilities are a preventable type of weakness in software. Manufacturers can eliminate them by taking a secure design approach. Despite efforts, these vulnerabilities still appear, allowing adversaries to exploit them for harm. CISA and FBI are releasing this Alert because of recent well-known attacks that took advantage …

Read More »

Citrix Issues Critical Security Advisory for NetScaler

Citrix

Citrix has warned users about severe vulnerabilities in their widely-used NetScaler products. These vulnerabilities, known as CVE-2024-6235 and CVE-2024-6236, could potentially allow unauthorized access to sensitive information and cause denial-of-service (DoS) attacks. CVE-2024-6235: Sensitive Information Disclosure (Critical Severity) The flaw in the NetScaler Console (previously known as NetScaler ADM) is …

Read More »

MerkSpy Exploits Microsoft Office Vulnerability: FortiGuard report

diagram

FortiGuard Labs found an attack that uses the CVE-2021-40444 vulnerability in Microsoft Office. This flaw lets attackers run harmful code through specific documents. The attack deployed a spyware called “MerkSpy” which secretly watches user activities, collects sensitive information, and stays on compromised systems. The attack starts with a harmless-looking Microsoft …

Read More »