Curated Cybersecurity RSS Feeds

CyberSec News: Curated Sources | Latest Trends | Showing last 24h

X

Microsoft, Late to the Game on Dangerous DNSSEC Zero-Day Flaw

Why the company took so long to address the issue is not known given that most other stakeholders had a fix out for the issue months ago.

X

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and...

X

How Cybercrime Empires Are Built

Strong partnerships and collaborations between industry and law enforcement are the most critical ways to take down cybercrime groups before they grow.

X

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportuni...

X

Google fixed an actively exploited zero-day in the Pixel Firmware

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploite...

X

Update now! Google Pixel vulnerability is under active exploitation

Google has notified Pixel users about an actively exploited vulnerability in their phones’ firmware. Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device....

X

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group. The group has been exploiting a known vulnerability (CVE-2017-11882) in the Microsoft Office equation editor (EQNEDT32.EXE) to distribute a keylogger, posing signif...

X

0-day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads

A significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code View Function. Summernote is a JavaScript library that helps you create WYSIWYG editors online. An attacker can insert...

X

Beware WARMCOOKIE Backdoor Knocking Your Inbox

WARMCOOKIE is a new Windows backdoor that is deployed by a phishing effort with a recruiting theme dubbed REF6127. The WARMCOOKIE backdoor can be used to take screenshots of the target computer, deliver additional payloads, and fingerprint a system. “This malware re...

X

Black Basta Exploits Patched Windows Privilege Escalation Bug

No content available.