Russian state-sponsored cyber actors targeting U.S. critical infrastructure
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here In a joint cybersecurity advisory, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) revealed that Russian state-sponsored threat actors targeted U.S. defense contractors from …
BlackCat Ransomware group attacks on the rise
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Blackcat Ransomware gang also known as ALPHV has targeted around 25 organizations belonging to multiple sectors globally since November 2021. The group has claimed responsibility for the recent cyber attack on Swissport which …
VMware addresses security flaws discovered during Tianfu Cup Pwn Contest
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here VMware addressed vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation, few months after the discovery of these bugs by participants at Tianfu Cup Pwn Contest. VMware has rated some of these vulnerabilities as important, …
First zero-day vulnerability of Google Chrome this year actively exploited in wild
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Google released a stable channel update for their Chrome browser that contains a zero-day vulnerability and is actively being exploited-in-wild. This is the first zero-day bug reported in Chrome browser this year. A Use-After-Free …
Threat Campaign by Molerats uses NimbleMamba Malware to target Middle East
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here An APT group Molerats associated with Gaza has launched a new threat campaign using a malware NimbleMamba aimed at Middle Eastern governments, foreign policy think tanks, and even a state-owned airline. The current attack …
Critical Magento zero-day vulnerability actively exploiting multiple e-commerce websites
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Adobe issued an emergency advisory informing Adobe Commerce and Magento Open-Source product users of a critical zero-day vulnerability that is being actively exploited in the wild. A zero-day vulnerability which has been assigned CVE-2022-24086 …
Multiple vulnerabilities affect Mozilla Firefox and Firefox ESR
THREAT LEVEL: Green. For a detailed advisory, download the pdf file here Mozilla has issued two security advisories, which addresses 13 security issues in Firefox and Firefox ESR. Four of the thirteen have been rated as high, and some of these vulnerabilities, if successfully exploited, might …
Multiple security vulnerabilities identified in Adobe
THREAT LEVEL: Green. For a detailed advisory, download the pdf file here Adobe addressed 17 security flaws in Premiere Rush, Photoshop, Illustrator, After Effects, and Creative Cloud Desktop. According to Adobe, none of the vulnerabilities have been exploited so far. Successful exploitation of these five vulnerabilities …
Zero-day vulnerability in WebKit affects Apple macOS
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A third zero-day vulnerability has been identified since the latest zero-day bugs discovery in macOS Monterey in the year 2022. This flaw impacts the WebKit component, which is a cross-platform web browser engine that …
Critical remote code execution vulnerabilities in WordPress PHP everywhere Plugin
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Three critical remote code execution (RCE) vulnerabilities in a WordPress plugin PHP everywhere have been discovered. It is a plugin that allows web developers to utilize PHP code in pages, posts, the sidebar, or …