Intel
Recent findings from Cato Networks have unveiled a significant development in the realm of cybersecurity. Researchers have demonstrated a method that allows individuals without coding expertise to generate malware using generative AI (GenAI) tools. This breakthrough poses new challenges in the fight against cyber threats. Innovative LLM Jailbreak Technique The
Cybercriminals are actively exploiting a significant security flaw in PHP to distribute cryptocurrency miners and remote access trojans (RATs) such as Quasar RAT. This vulnerability, identified as CVE-2024-4577, is an argument injection flaw in PHP affecting Windows systems operating in CGI mode, potentially allowing attackers to execute arbitrary code remotely.
A newly identified remote access Trojan, known as StilachiRAT, is being tracked by Microsoft researchers. This malware exemplifies the growing trend of threat actors integrating diverse malicious functionalities into a single tool to maximize their impact. StilachiRAT is equipped with capabilities for comprehensive system reconnaissance, data collection, cryptocurrency theft, and
In a significant cybersecurity breach, researchers have identified a widespread ad fraud campaign involving more than 300 malicious applications on the Google Play Store. These apps have collectively been downloaded over 60 million times, subjecting users to intrusive advertisements and potential phishing attacks. Malicious Apps Infiltrate Google Play The Google
A recent cascading supply chain attack, initiated by the compromise of the "reviewdog/action-setup@v1" GitHub Action, has reportedly led to a breach involving "tj-actions/changed-files," resulting in the exposure of CI/CD secrets. Details of the Supply Chain Attack Last week, a security breach in
Cybercriminals are deploying deceptive Microsoft OAuth applications that mimic Adobe and DocuSign apps to infiltrate systems and exfiltrate Microsoft 365 account credentials. These sophisticated campaigns, identified by cybersecurity researchers, are highly targeted and pose significant risks to various industries. Deceptive OAuth Applications The malicious applications in question are masquerading as
A recent phishing campaign has targeted nearly 12,000 GitHub repositories by creating fake "Security Alert" issues. These alerts deceive developers into authorizing a malicious OAuth application, granting attackers complete control over their accounts and code repositories. Details of the Phishing Campaign The phishing issues falsely warn users
Cybersecurity researchers have identified a new malware campaign targeting individuals searching for pirated software. This campaign introduces a clipper malware known as MassJacker, which poses a significant threat to cryptocurrency users by intercepting and altering clipboard data. Understanding Clipper Malware Clipper malware is designed to manipulate clipboard data, often with
On October 23, 2024, Fortinet released an advisory regarding a critical zero-day vulnerability, CVE-2024-47575, affecting their FortiManager network management solution. This vulnerability, resulting from missing authentication for a critical function, allows remote attackers to execute arbitrary code or commands. The flaw has been actively exploited in the wild, prompting urgent