APT36 Escalates Cyber Espionage Against India with New ElizaRAT Malware
The Pakistan-affiliated APT group Transparent Tribe, also known as APT36, has intensified its cyber espionage efforts against Indian entities using a newly developed malware called ElizaRAT, which showcases advanced capabilities for evasion and information theft.
View full story…
Critical Android Vulnerability CVE-2024-43093 Actively Exploited
A critical security vulnerability in the Android operating system, tracked as CVE-2024-43093, is being actively exploited by threat actors, including Chinese-speaking groups, allowing unauthorized access to sensitive directories and posing significant risks to a wide range of devices.
View full story…
Latest Cybernews
Critical Vulnerabilities Discovered in Ollama AI Framework
Cybersecurity researchers have identified six critical vulnerabilities in the Ollama AI framework that could be exploited for denial-of-service attacks, model poisoning, and model theft through a single HTTP request.
View full story…
Checkmarx Uncovers Npm Supply Chain Attack Using Malicious Package “Jest-Fet-Mock”
Security researchers at Checkmarx have discovered a new npm supply chain attack that utilizes a typosquatting technique with a malicious package named “jest-fet-mock,” which targets development environments and employs Ethereum smart contracts for command-and-control communication.
View full story…
Okta Addresses Critical Authentication Bypass Vulnerability
Okta has resolved a significant authentication bypass vulnerability that allowed unauthorized access to user accounts with long usernames, highlighting the need for robust security measures in authentication services.
View full story…
Columbus, Ohio, Ransomware Attack Exposes Data of 500,000 Residents
A ransomware attack by the Rhysida group compromised the personal and financial data of approximately 500,000 residents and city employees in Columbus, Ohio, raising significant concerns about municipal cybersecurity vulnerabilities.
View full story…
Pro-Russian Hacking Group Targets UK Local Authorities With DDoS Attacks
The pro-Russian hacking group NoName057(16) has claimed responsibility for a series of DDoS attacks on multiple local government authorities in the UK, motivated by the country’s military support for Ukraine.
View full story…
US Intelligence Identifies Viral Video as Russian Disinformation Campaign
US intelligence agencies have linked a viral video falsely claiming voter fraud in Georgia to a Russian disinformation effort aimed at undermining confidence in the upcoming presidential election.
View full story…
CrowdStrike Update Outage Disrupts Millions of Windows Systems
A faulty update from CrowdStrike in July 2024 caused significant operational disruptions for Microsoft Windows hosts worldwide, affecting millions of users and leading to lawsuits from Delta Air Lines and New York State Comptroller Thomas P DiNapoli.
View full story…
Google’s AI Tool Discovers Zero-Day Vulnerability in SQLite
Researchers from Google’s Project Zero and Google DeepMind have identified a zero-day memory-safety vulnerability in SQLite, marking a significant advancement in AI-assisted vulnerability research.
View full story…
OWASP Updates Security Guidance for Generative AI to Combat Deepfake Threats
OWASP has released new security guidance to help cybersecurity teams address the rising risks associated with deepfake technology, emphasizing the need for detection tools and internal protocols.
View full story…
Latest Cybernews
Canada Identifies India as Cyber Threat Adversary Amid Rising Tensions
In response to escalating diplomatic tensions, Canada has officially designated India as a cyber threat adversary, citing concerns over potential espionage activities targeting Canadian networks.
View full story…
Potential Cyber Threats to 2024 US Presidential Election
Organized cybercrime groups may disrupt the 2024 US Presidential Election through ransomware, phishing, and stealware tactics, targeting sensitive information and voter registration records.
View full story…