Attempts to exploit CVE-2024-0108, an authentication bypass vulnerability in Palo Alto firewalls, started one day after disclosure.
The post Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure appeared first on SecurityWeek.
Microsoft: Russian-Linked Hackers Using ‘Device Code Phishing’ to Hijack Accounts
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024.
The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas
The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas
RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally
The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network’s domain controller as part of their post-compromise strategy.
“RansomHub has targeted over 600 organizations globally, spanning sectors
“RansomHub has targeted over 600 organizations globally, spanning sectors
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7.
The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.
“An
The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.
“An
whoAMI attacks give hackers code execution on Amazon EC2 instances
Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. […]
Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation
Rapid7 finds a new zero-day vulnerability in PostgreSQL and links it to chain of attacks against a BeyondTrust Remote Support product.
The post Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation appeared first on SecurityWeek.
Google Hub in Poland to Develop AI Use in Energy and Cybersecurity Sectors
Poland is being targeted by various forms of cyberattacks and sabotage actions believed to be sponsored by Russia.
The post Google Hub in Poland to Develop AI Use in Energy and Cybersecurity Sectors appeared first on SecurityWeek.
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster
The Dutch Police (Politie) dismantled the ZServers/XHost bulletproof hosting operation after taking offline 127 servers used by the illegal platform. […]
Hacker leaks account data of 12 million Zacks Investment users
Zacks Investment Research (Zacks) last year reportedly suffered another data breach that exposed sensitive information related to roughly 12 million accounts. […]
Circuit Board Maker Unimicron Targeted in Ransomware Attack
The Sarcoma ransomware group is threatening to leak data stolen from Taiwanese printed circuit board manufacturer Unimicron.
The post Circuit Board Maker Unimicron Targeted in Ransomware Attack appeared first on SecurityWeek.