Unpatched Outlook Exploit Up for Grabs on Hacking Forums A critical security vulnerability has emerged with the news that a threat actor, known as Cvsp, is allegedly selling a remote code execution (RCE) exploit targeting Microsoft Outlook for a staggering $1.7 million. This zero-day exploit, (referred to as “0-day” because there’s currently no patch available) […]

Google Accidentally Deleted $125 Bn Pension Fund Account Cloud giant Google is facing a major trust deficit after a critical error on its Google Cloud platform led to a week-long outage for a massive Australian pension fund. The incident, centered around the accidental deletion of a $125 billion pension fund account, has shaken confidence in […]

Dell Data Breach: Millions of Customers Affected Dell Technologies confirmed a data breach impacting millions of customers, with some personal information compromised. The company states they are investigating the incident. Dell has downplayed the severity of the breach, claiming only “limited” customer data was accessed. This includes details like names, physical addresses, installed locations of […]

On June 24, 2023, Microsoft mitigated the exposure of internal information in a storage account due to an overly permissive Shared Access Signature (SAS) token. The incident was discovered by security researchers at Wiz Research, who reported it to Microsoft’s Security Response Center (MSRC) on June 22. The SAS token is a security feature that […]

Indian Websites Targeted by Hacking Group to Protest G20 Hacking groups from Pakistan, Indonesia, and Bangladesh have targeted several Indian websites in protest the G20 summit, which is being held in New Delhi on September 9-10. The groups, which call themselves “The Black Hat Collective,” “Hacktivist of Garuda,” “Team Herox” and “Mysterious Team Bangladesh,” have […]

WinRAR File Spoofing Vulnerability: What You Need to Know WinRAR is a popular file archiver that is used by millions of people around the world. However, a recently discovered vulnerability in WinRAR could allow attackers to execute arbitrary code on your computer by tricking you into opening a malicious file. The vulnerability, known as CVE-2023-38831 […]

Thales to acquire Cyber security product firm Imperva Thales, a well-known French multinational company, recently announced its acquisition of Imperva from Thomas Bravo, who had purchased Imperva in 2019. Thales operates in several sectors, including Aerospace, Space, Defense, Security, and Transportation. This strategic move is expected to bolster Thales’ cybersecurity business significantly. Imperva has taken […]

Fortinet, a leading provider of network security solutions, recently rolled out multiple versions of FortiOS, the operating system (OS) and firmware that powers their widely used Fortigate firewalls and other devices commonly used for SSL-VPN. However, a concerning omission in their release notes has come to light – the failure to mention the inclusion of […]

Pakistani hackers targeted Indian Army and Navy websites The Pakistani hacker organization Team_insane_pk has targeted more than 20 Indian government and corporate websites, primarily defense websites, in a response for alleged oppressions of religious minorities in India. The hacker group launched a distributed denial of service (DDoS) attack against these websites. A DDoS attack is […]

All you need to know about Universal Data Permission Scanner Data privacy and security have become key concerns as corporations continue to gather and retain massive quantities of data. One of the most significant issues that organisations confront is data authorization blind spots, which relate to the inability to keep track of all data access […]

Microsoft patches critical Azure API Vulnerabilities Azure API Management is a Microsoft cloud-based service that enables organisations to publish, protect, and manage APIs (Application Programming Interfaces). While this service provides a safe and convenient approach to handle APIs, it is not without flaws. In this post, we will look at a flaw Ermetic research team […]

Iranian Operations Use BouldSpy to Track Minority Groups Concerns have grown in recent years over the Iranian government’s use of surveillance technologies to follow minority groups within the country. The BouldSpy programme for example, has been widely utilized by Iranian authorities to monitor and spy on its residents. The Iranian government has a long history […]

Netgear flaws Causing Credential Leak & Privilege Escalation Netgear, a renowned networking equipment vendor, recently discovered various vulnerabilities in its devices. These flaws have the potential to result in the disclosure of user credentials as well as privilege escalation. The revelation of these vulnerabilities underscores the critical need of cybersecurity in our increasingly digital environment. […]

Samsung Bans ChatGPT & AI After Massive Data Leak Following a massive data leak in which hundreds of thousands of Samsung users’ personal information was exposed, the South Korean tech giant has taken the unprecedented step of banning AI chatbots, including ChatGPT from its platform. The decision comes as the corporation tries to address growing […]

Romanian Telecom Users Targeted by Phishing Campaign A phishing effort has been targeting Romanian telecom consumers in recent months, with the goal of stealing their personal information and perhaps gaining access to their bank accounts. Several cybersecurity firms, including Check Point Research and Kaspersky Lab, have reported the campaign. Phishing is a sort of cyber-attack […]

Scammers using Card Skimmers to steal money in California In Southern California, there has been an increase in reports of fraud and theft involving Electronic Benefit Transfer (EBT) cards in recent years. These occurrences include the use of card skimmers at ATMs to steal money from EBT accounts. This form of scam frequently targets low-income […]

Three Known Exploited Vulnerabilities to Catalog by KEV The latest news of vulnerabilities uncovered in various software systems has been making the cybersecurity world go crazy. KEV Catalogue, a cybersecurity organization, recently disclosed new vulnerabilities impacting TP-Link, Apache, and Oracle WebLogic Server. Let’s take a deeper look at each of these flaws. TP-Link: The TP-Link […]