Mastodon, an open source and decentralized social media platform, is currently in the midst of a security alert. Cybersecurity experts have disclosed a critical vulnerability, dubbed CVE-2024-23832, that leaves millions of accounts at risk of being hijacked by malicious actors. The flaw scored a
Latest News: Cybersecurity
Johnson Controls International, a leading multinational conglomerate, has reported a staggering $27 million in expenses tied to the remediation of a ransomware attack that occurred in September 2023. The attack, which was first reported by BleepingComputer, was orchestrated by the Dark Angels
In a recent development, Ivanti has warned of new zero-day vulnerabilities in its Connect Secure VPN appliance, first exploited by Chinese state-backed hackers in early December 2023. Identified as CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893, these flaws put customer networks
The first-ever Pwn2Own Automotive competition has concluded with hackers collectively earning a staggering $1,323,750 by exposing 49 zero-day vulnerabilities, primarily in Tesla vehicles. Organized by Trend Micro's Zero Day Initiative (ZDI) during the Automotive World conference, the event in
The BianLian ransomware group, notorious for its evolving strategies, has now intensified its focus on the healthcare and manufacturing sectors in the United States and Europe. This move signals a significant threat to data security and operational stability in these critical
In a series of coordinated cyberattacks, state-backed hackers have been exploiting critical zero-day vulnerabilities in Ivanti Connect Secure, a widely used VPN appliance. The vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have put numerous organizations at
Researchers have uncovered critical vulnerabilities in the POST SMTP Mailer WordPress plugin, which potentially puts over 150,000 websites at risk of takeover by malicious actors. The vulnerabilities were first reported by cybersecurity researchers Ulyses Saicha and Sean Murphy as part of
In a troubling development in cybersecurity, multiple information-stealing malware families have been found exploiting an undocumented Google OAuth endpoint, identified as "MultiLogin," to regenerate expired authentication cookies. This discovery, initially made by a developer named PRISMA in
McAfee's Mobile Research Team has uncovered a sophisticated Android backdoor, dubbed “Xamalicious”, that has compromised an estimated 338,300 devices worldwide. The malicious software, developed using Xamarin, an open-source framework for building Android and iOS apps with .NET and C#, has been
Europol and ENISA (European Union Agency for Cybersecurity), national law enforcement from 17 countries, and private sector allies have uncovered a massive digital skimming campaign affecting 443 online merchants. Digital skimming, a form of cyberattack, involves stealing credit card information