General News
390,000 WordPress accounts stolen in year-long attack campaign
The hacker group MUT-1244 has conducted a year-long campaign, stealing 390,000 WordPress login credentials along with much other sensitive data by using trojanized GitHub repositories to spread malware. These repositories contained malicious code to steal WordPress credentials along with SSH keys and AWS access from victims, including security researchers, red team members, testers,…
Rootkit PUMAKIT: A new threat on Linux with advanced stealth techniques
Security researchers have uncovered a new Linux rootkit named PUMAKIT, featuring capabilities such as privilege escalation, file and directory hiding, and self-concealment from system tools to avoid detection. According to a report from Elastic Security Lab, PUMAKIT is an advanced Loadable Kernel Module (LKM) rootkit that leverages modern stealth mechanisms to maintain persistent connections with…
Passkeys: Microsoft’s solution to 7,000 password attacks per second
Microsoft is ushering in a new era of authentication with passkeys—a modern, secure, and convenient alternative to traditional passwords. According to statistics, Microsoft blocks up to 7,000 password attacks per second, double the rate from the previous year, while adversary-in-the-middle phishing attacks have surged by 146%. Passkeys offer a robust phishing-resistant solution by leveraging biometric…
Google pays $55,000 for a critical Chrome vulnerability with remote code execution (RCE) potential
Google has released a major update for its Chrome browser, addressing three security vulnerabilities, including two high-severity memory safety flaws reported by external researchers. The most notable flaw, CVE-2024-12381, is a type confusion vulnerability in the V8 JavaScript engine, which earned the researcher who discovered it a $55,000 reward. Google stated that this flaw could…
Cisco releases patch for critical URWB vulnerability in industrial networking systems
Cisco has issued security updates to address a critical vulnerability affecting Ultra-Reliable Wireless Backhaul (URWB) Access Points, which allows unauthenticated remote attackers to execute commands with root privileges. Ultra-Reliable Wireless Backhaul (URWB) is a highly reliable wireless transmission technology, commonly used to connect components within network systems, particularly in 5G mobile networks and industrial networks.…
Canada orders closure of TikTok
The Government of Canada has mandated the dissolution of TikTok Technology Canada, a subsidiary of ByteDance, due to concerns regarding national security risks. However, this decision does not impose a ban on users, allowing them to continue accessing and using the platform without interruption. This action follows comprehensive national security assessments, including close scrutiny from…
Microsoft releases patch addressing 90 new vulnerabilities
Recently, Microsoft announced two security vulnerabilities in Windows NT LAN Manager (NTLM) and Task Scheduler that are actively being exploited in the wild. These vulnerabilities are part of a total of 90 security flaws that the technology giant addressed in the November 2024 Patch Tuesday update. Among these, four vulnerabilities are classified as Critical, 85…
Russian hackers exploit new NTLM vulnerability to distribute RAT malware via phishing emails
Recently, a new security vulnerability in Windows NT LAN Manager (NTLM) has been exploited by hackers suspected to have ties to Russia, as part of cyberattacks targeting Ukraine. This vulnerability, tracked under the identifier CVE-2024-43451 (with a CVSS score of 6.5), allows attackers to use spoofing to steal users' NTLMv2 hashes. Microsoft issued…
Over 30 critical security flaws discovered in open source AI and ML models
Cybersecurity researchers have identified more than 30 security vulnerabilities across various open-source artificial intelligence (AI) and machine learning (ML) models. These vulnerabilities could potentially lead to remote code execution and the theft of sensitive information. Details about these vulnerabilities were reported through the Huntr bug bounty platform by Protect AI, affecting several tools including ChuanhuChatGPT,…
Microsoft wants $30 fee for delaying upgrade to Windows 11
Microsoft has announced that Windows 10 users can postpone their transition to Windows 11 for an additional year by paying $30 for the Extended Security Update (ESU) program. This marks the first time the company has disclosed the price for this service, following its announcement of the program in December 2023. According to Microsoft, support…
Phish n’ Ships: A massive scam targeting online shoppers through hacked stores
A phishing campaign known as “Phish n’ Ships,” operational since 2019, has targeted over 1,000 legitimate online stores to advertise counterfeit products, particularly hard-to-find items. Users are often unsuspecting when clicking on these products, only to be redirected to hundreds of fraudulent online stores. The goal of these stores is to steal personal information and…
Microsoft officially released Windows Server 2025
Recently, Microsoft has officially released new versions of Windows Remote Desktop Server (RDS) 2025 and Windows Server 2025, effective from November 1, 2024. Consequently, support for Windows Server 2022 and RDS 2022 will cease on December 1, 2024. In January 2024, Microsoft released the first version of Windows Server 2025 for participants in the Windows…