Cisco has issued security updates to address a critical vulnerability affecting Ultra-Reliable Wireless Backhaul (URWB) Access Points, which allows unauthenticated remote attackers to execute commands with root privileges. Ultra-Reliable Wireless Backhaul (URWB) is a highly reliable wireless transmission technology, commonly used to connect components within network systems, particularly in 5G mobile networks and industrial networks.…

The Government of Canada has mandated the dissolution of TikTok Technology Canada, a subsidiary of ByteDance, due to concerns regarding national security risks. However, this decision does not impose a ban on users, allowing them to continue accessing and using the platform without interruption. This action follows comprehensive national security assessments, including close scrutiny from…

Recently, Microsoft announced two security vulnerabilities in Windows NT LAN Manager (NTLM) and Task Scheduler that are actively being exploited in the wild. These vulnerabilities are part of a total of 90 security flaws that the technology giant addressed in the November 2024 Patch Tuesday update. Among these, four vulnerabilities are classified as Critical, 85…

Recently, a new security vulnerability in Windows NT LAN Manager (NTLM) has been exploited by hackers suspected to have ties to Russia, as part of cyberattacks targeting Ukraine. This vulnerability, tracked under the identifier CVE-2024-43451 (with a CVSS score of 6.5), allows attackers to spoof and steal NTLMv2 Hash Disclosure information from users. Microsoft issued…

Cybersecurity researchers have identified more than 30 security vulnerabilities across various open-source artificial intelligence (AI) and machine learning (ML) models. These vulnerabilities could potentially lead to remote code execution and the theft of sensitive information. Details about these vulnerabilities were reported through the Huntr bug bounty platform by Protect AI, affecting several tools including ChuanhuChatGPT,…

Microsoft has announced that Windows 10 users can postpone their transition to Windows 11 for an additional year by paying $30 for the Extended Security Update (ESU) program. This marks the first time the company has disclosed the price for this service, following its announcement of the program in December 2023. According to Microsoft, support…

A phishing campaign known as “Phish n’ Ships,” operational since 2019, has targeted over 1,000 legitimate online stores to advertise counterfeit products, particularly hard-to-find items. Users are often unsuspecting when clicking on these products, only to be redirected to hundreds of fraudulent online stores. The goal of these stores is to steal personal information and…

Recently, Microsoft has officially released new versions of Windows Remote Desktop Server (RDS) 2025 and Windows Server 2025, effective from November 1, 2024. Consequently, support for Windows Server 2022 and RDS 2022 will cease on December 1, 2024. In January 2024, Microsoft released the first version of Windows Server 2025 for participants in the Windows…

A new phishing campaign named CRON#TRAP has been identified, targeting Windows systems by utilizing a Linux virtual machine equipped with a backdoor, allowing attackers to secretly access corporate networks. This campaign represents a significant evolution in the methods employed in cyberattacks, particularly the exploitation of virtualization technology to conduct malicious activities. The CRON#TRAP campaign used…

The latest AI model from OpenAI, ChatGPT-4o, can be exploited to carry out voice-based scams with financial motives, achieving success rates between 20% and 60%, thereby enabling large-scale fraud without human intervention. ChatGPT-4o boasts notable advancements, including the integration of text, voice, and images. However, to protect users from harmful content, OpenAI has implemented various…

Cybersecurity researchers are warning about the malware Winos 4.0, which is distributed through game-related applications such as installers and optimization tools. Winos 4.0 is a powerful malicious platform that has been observed since June, operated by groups under the names Void Arachne and Silver Fox, enabling attackers to control multiple online devices. According to Fortinet…

Google Cloud has announced that by the end of 2025, all users will be required to implement multi-factor authentication (MFA) to enhance account security. Mayank Upadhyay, Vice President of Engineering at Google Cloud, stated that the deployment of MFA will occur in phases, with prior notifications provided to businesses and users to facilitate their preparation.…