Adobe patches critical-severity bugs in multiple products, including the Adobe Commerce and Magento Open Source platforms.
The post Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator appeared first on SecurityWeek.
Signal introduces convenient “call links” for private group chats
The Signal messenger application has announced a set of new features aimed at making private group chats more convenient and easier for people to join. […]
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. […]
Volt Typhoon rebuilds malware botnet following FBI disruption
The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its “KV-Botnet” malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard. […]
GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains
GoIssue is a new tool for cybercriminals that allows attackers to extract email addresses from GitHub profiles and send bulk emails to users.
The post GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains appeared first on SecurityWeek.
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE)
The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the
The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the
New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns
Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users.
The program, first marketed by a threat actor named cyberdluffy (aka Cyber D’ Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub
The program, first marketed by a threat actor named cyberdluffy (aka Cyber D’ Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub
Ahold Delhaize Cybersecurity Incident Impacts Giant Food, Hannaford
Cybersecurity incident impacts Giant Food, Hannaford, and other Ahold Delhaize USA brands, including pharmacies and e-commerce services.
The post Ahold Delhaize Cybersecurity Incident Impacts Giant Food, Hannaford appeared first on SecurityWeek.
SAP Patches High-Severity Vulnerability in Web Dispatcher
SAP has released eight new security notes on November 2024 patch day, including one addressing a high-severity vulnerability in Web Dispatcher.
The post SAP Patches High-Severity Vulnerability in Web Dispatcher appeared first on SecurityWeek.
North Korean Hackers Target macOS Using Flutter-Embedded Malware
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices.
Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built
Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built