Penetration Testing

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical vulnerabilities in VMware vCenter Server that are currently being exploited in the wild. These… The post Critical VMware vCenter Server Flaws Under Active Attack: CISA Issues Urgent Warning appeared first on Cybersecurity News.

A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP addresses, posing significant privacy risks. Security researcher Ebrahim Shafiei identified the flaw (CVE-2024-52940)… The post CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published appeared first on Cybersecurity News.

Security researcher Jeff Kieschnick from LevelBlue uncovered the stealthy tactics of a Potentially Unwanted Application (PUA) masquerading as a PDF conversion tool. The report details the crafty maneuvers of the… The post PDFFlex: Analyzing PUA Persistence and Evasion Techniques appeared first on Cybersecurity News.

A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of container boundaries. Tracked as CVE-2024-10220 and assigned a CVSS score of 8.1, the… The post CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution appeared first on Cybersecurity News.

The U.S. Department of Justice announced charges against five individuals accused of orchestrating a sophisticated phishing scheme that targeted employees across the nation. The defendants allegedly stole “intellectual property and… The post Phishing Scheme Nets Millions in Cryptocurrency, Five Charged appeared first on Cybersecurity News.

Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could allow unauthenticated attackers… The post CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director appeared first on Cybersecurity News.

In a detailed report by Trend Micro, the emergence of a new LODEINFO malware campaign has been linked to Earth Kasha, a threat group operating within what the researchers term… The post Earth Kasha Expands Operations: New LODEINFO Malware Hits Government and High-Tech appeared first on Cybersecurity News.

The Common Weakness Enumeration (CWE) Top 25 list for 2024 has been released, and it provides a critical roadmap for addressing the most pervasive and hazardous vulnerabilities that plague modern… The post 2024 CWE Top 25: Critical Software Weaknesses Revealed appeared first on Cybersecurity News.

Security researcher Snoolie K has published an in-depth analysis of a significant security flaw in WorkflowKit, which has been assigned CVE-2024-27821. This vulnerability, dubbed the “WorkflowKit Race Vulnerability,” targets the… The post WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts appeared first on Cybersecurity News.

Recently, Palo Alto Networks has released an in-depth analysis of FrostyGoop, also known as BUSTLEBERM, a sophisticated malware targeting operational technology (OT). This malware gained attention in July 2024 when… The post FrostyGoop: New ICS Malware Exploits Modbus TCP Protocol appeared first on Cybersecurity News.