Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. […]
Microsoft investigates Microsoft 365 outage affecting users, admins
Microsoft is investigating an ongoing outage preventing users and admins from accessing some Microsoft 365 services and the admin center. […]
FBI seizes domains for Cracked.io, Nulled.to hacking forums
The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks. […]
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.
“Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API,” SecurityScorecard’s
“Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API,” SecurityScorecard’s
Windows 11’s Start menu is getting iPhone and Android integration
Windows 11’s Start menu is getting a big update with full-fledged Android and iPhone integration. […]
New Zyxel Zero-Day Under Attack, No Patch Available
GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available.
The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek.
Oligo Raises $50M to Tackle Application Detection and Response
Oligo Security has raised $50 million in Series B funding for its application detection and response (ADR) platform.
The post Oligo Raises $50M to Tackle Application Detection and Response appeared first on SecurityWeek.
Uncover Hidden Browsing Threats: Get a Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Learn how a complimentary LayerX risk assessment can help identify, assess, and address browsing and SaaS risks in your workplace. […]
Hackers exploit critical unpatched flaw in Zyxel CPE devices
Hackers are exploiting a critical command injection vulnerability in Zyxel CPE Series devices that is currently tracked as CVE-2024-40891 and remains unpatched since last July. […]
January Windows 10 preview update force installs new Outlook
Microsoft has started force-installing the new Outlook email client on Windows 10 systems for users who deploy this month’s KB5050081 non-security preview update. […]