Hackers Using Weaponized Word Documents In QR Code Phishing Attacks

[responsivevoice_button rate=”1″ pitch=”1.2″ volume=”0.8″ voice=”US English Female” buttontext=”Click Here to Listen”] Hackers often abuse weaponized Word docs, as they can contain macros that contain or exploit flaws inside those Word files to run destructive code upon being opened by the intended victims. It enables an attacker to employ this tool to deliver a payload to […]
WordPress Releases Urgent Security Update to Patch XSS and Path Traversal Flaws

[responsivevoice_button rate=”1″ pitch=”1.2″ volume=”0.8″ voice=”US English Female” buttontext=”Click Here to Listen”] WordPress has released an urgent security update, version 6.5.5, addressing critical vulnerabilities that could potentially compromise the security of millions of websites. This minor release, which also includes three bug fixes in the core, is highly recommended for immediate installation to ensure site security and stability. […]
HC3 Unveils Qilin Ransomware Attacking Global Healthcare Organizations

[responsivevoice_button rate=”1″ pitch=”1.2″ volume=”0.8″ voice=”US English Female” buttontext=”Click Here to Listen”] The Health Sector Cybersecurity Coordination Center (HC3) has issued a critical alert regarding a new ransomware strain, Qilin, which is targeting healthcare organizations worldwide. This revelation underscores the escalating cyber threats facing the healthcare sector, which is already grappling with the complexities of digital transformation and […]
CISA’s CSAT Tool Hacked, Systems Taken Offline

[responsivevoice_button rate=”1″ pitch=”1.2″ volume=”0.8″ voice=”US English Female” buttontext=”Click Here to Listen”] The Cybersecurity and Infrastructure Security Agency’s (CISA) Chemical Security Assessment Tool (CSAT) was the target of a cybersecurity intrusion by a malicious actor from January 23-26-2024. The breach, which has raised significant concerns within the cybersecurity community, potentially exposed sensitive information including Top-Screen surveys, Security Vulnerability […]
ESET Security Products for Windows Vulnerable to Privilege Escalation

[responsivevoice_button rate=”1″ pitch=”1.2″ volume=”0.8″ voice=”US English Female” buttontext=”Click Here to Listen”] ESET, a leading cybersecurity company, recently addressed a local privilege escalation vulnerability in its Windows security products. The Zero Day Initiative (ZDI) reported the vulnerability to ESET. It could have allowed attackers to misuse ESET’s file operations during a restore operation from quarantine, potentially leading to […]
Life360 Breach: Hackers Accessed the Tile Customer Support Platform

[responsivevoice_button rate=”1″ pitch=”1.2″ volume=”0.8″ voice=”US English Female” buttontext=”Click Here to Listen”] Life360, a company known for its family safety services, recently fell victim to a criminal extortion attempt. The company received emails from an unknown actor claiming to possess Tile customer information. Upon receiving these emails, Life360 promptly investigated and detected unauthorized access to the Tile customer […]
Hackers Can Crack Down 59% Of Passwords Within A Hour

[responsivevoice_button rate=”1″ pitch=”1.2″ volume=”0.8″ voice=”US English Female” buttontext=”Click Here to Listen”] Researchers analyzed real-world passwords leaked on the dark web instead of artificial ones used in labs, as their findings showed that a worrying 59% of these passwords could be cracked within an hour using just a modern graphics card and some technical knowledge, highlighting […]
New Security Vulnerability Let Attackers Microsoft Corporate Email Accounts

[responsivevoice_button rate=”1″ pitch=”1.2″ volume=”0.8″ voice=”US English Female” buttontext=”Click Here to Listen”]A newly discovered security vulnerability allows attackers to impersonate Microsoft corporate email accounts, significantly increasing the risk of phishing attacks. Security researcher Vsevolod Kokorin, also known as Slonser, found this bug, which Microsoft has not yet patched. Kokorin revealed the bug on X (formerly Twitter) […]
CISA Reveals Guidance For Implementation of Encrypted DNS Protocols

[responsivevoice_button rate=”1″ pitch=”1.2″ volume=”0.8″ voice=”US English Female” buttontext=”Click Here to Listen”] “Encrypted DNS Implementation Guidance,” a detailed document from the Cybersecurity and Infrastructure Security Agency (CISA), tells government agencies how to improve their cybersecurity by using encrypted Domain Name System (DNS) protocols. This advice is in line with Memorandum M-22-09 from the Office of Management […]
Earth Hundun Hacker Group Employs Advanced Tactics to Evade Detection

[responsivevoice_button rate=”1″ pitch=”1.2″ volume=”0.8″ voice=”US English Female” buttontext=”Click Here to Listen”] Earth Hundun, a notable Asia-Pacific malware organization, uses Waterbear and Deuterbear. We first encountered Deuterbear in Earth Hundun’s arsenal in October 2022, signaling its implementation. This report describes the ultimate Remote Access Trojan (RAT) we recovered from a C&C server from an Earth Hundun campaign in […]