CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel’s OverlayFS subsystem that allows them to gain root privileges. […]
Category Added in a WPeMatico Campaign
Healthcare SaaS firm says data breach impacts 5.4 million patients
Episource warns of a data breach after hackers stole health information of over 5 million people in the United States in a January cyberattack. […]
BeyondTrust warns of pre-auth RCE in Remote Support software
BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers. […]
New Linux udisks flaw lets attackers get root on major Linux distros
Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. […]
Asana warns MCP AI feature exposed customer data to other orgs
Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa. […]
Paddle settles for $5 million over facilitating tech support scams
Paddle.com and its U.S. subsidiary will pay $5 million to settle Federal Trade Commission (FTC) allegations that the company facilitated deceptive tech-support schemes that harmed many U.S. consumers, including older adults. […]
Scania confirms insurance claim data breach in extortion attempt
Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its systems and steal insurance claim documents. […]
Instagram ‘BMO’ ads use AI deepfakes to scam banking customers
Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud.
Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages. […]
New Veeam RCE flaw lets domain users hack backup servers
​Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability. […]
Sitecore CMS exploit chain starts with hardcoded ‘b’ password
A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers. […]