Apr 11, 2025Ravie LakshmananNetwork Security / Vulnerability Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, … [Read more...] about Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
hacker news
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper … [Read more...] about Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
Initial Access Brokers Shift Tactics, Selling More for Less
What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like social engineering and brute-force attacks. By selling access, they significantly … [Read more...] about Initial Access Brokers Shift Tactics, Selling More for Less
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Apr 10, 2025Ravie LakshmananContainer Security / Vulnerability Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) … [Read more...] about Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages. "As a purpose-built tool for creating and deploying web apps, its capabilities … [Read more...] about Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Apr 08, 2025Ravie LakshmananNetwork Security / Vulnerability Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability … [Read more...] about Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Apr 07, 2025Ravie LakshmananMalware / Network Security Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel. "'Fast flux' is a technique used to obfuscate the locations of … [Read more...] about CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted" individual straddling a legitimate career in cybersecurity and pursuing cybercrime. In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked … [Read more...] about Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, … [Read more...] about North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Apr 04, 2025Ravie LakshmananVulnerability / Open Source, The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. "The attackers obtained initial access by taking advantage … [Read more...] about SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack