In a series of coordinated cyberattacks, state-backed hackers have been exploiting critical zero-day vulnerabilities in Ivanti Connect Secure, a widely used VPN appliance. The vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have put numerous organizations at
Latest News
Researchers have uncovered critical vulnerabilities in the POST SMTP Mailer WordPress plugin, which potentially puts over 150,000 websites at risk of takeover by malicious actors. The vulnerabilities were first reported by cybersecurity researchers Ulyses Saicha and Sean Murphy as part of
In a recent and startling development, loanDepot, a leading US lender, has confirmed that it fell victim to a ransomware attack, leading to substantial data encryption and operational disruptions. This disclosure comes amidst a growing series of cyberattacks targeting the financial sectors. On
In a significant development, Chinese state-backed experts claim to have cracked the encryption of Apple's AirDrop feature. This breakthrough, as reported by Bloomberg, enables the identification of phone numbers and email addresses of users, potentially allowing the Chinese government to monitor
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained an estimated 4 million records, which included sensitive school safety records and PII of students, parents, and school staff. The non-password protected
The MyEstatePoint Property Search app (developed by NJ Technologies) has exposed the sensitive information of nearly half a million users. The popular Android real estate app left user data, including names, passwords, email addresses, and phone numbers, unprotected on a public-facing MongoDB
HealthEC LLC, a leading provider of population health management services, has announced a substantial data breach. The incident, which occurred between July 14 and July 23, 2023, exposed the personal and medical information of an estimated 4.5 million individuals. Further deepening the impact, the
In response to the implementation of new age verification laws in Montana and North Carolina, adult entertainment giant Pornhub has decided to block users in these two states from accessing the platform. The move is part of an ongoing battle against state-level regulations that require online adult
In a striking revelation by Amnesty International (in partnership with The Washington Post), the use of Pegasus spyware, developed by Israeli firm NSO Group, has been found targeting high-profile journalists in India. This alarming development was highlighted in a forensic investigation conducted
In a troubling development in cybersecurity, multiple information-stealing malware families have been found exploiting an undocumented Google OAuth endpoint, identified as "MultiLogin," to regenerate expired authentication cookies. This discovery, initially made by a developer named PRISMA in