Daily Live Feed

Attention server administrators! A serious security vulnerability in Webmin, a widely used web-based system administration tool for Unix-like servers, has been discovered. This critical flaw could allow attackers with minimal access to a system... The post Security Update for Webmin: Addressing Privilege Escalation Vulnerability appeared first on Penetration Testing. Read more »

Hanwha Vision, a leader in surveillance technology, has swiftly responded to significant cybersecurity threats identified in several of its network video recorders (NVR) and digital video recorders (DVR). These threats, detailed in recent security... The post Hanwha Vision Announces Critical Security Updates for NVR and DVR Models appeared first on… Read more »

ThreatFabric has unveiled a sophisticated new Android malware strain named “Brokewell.” This potent threat combines extensive data theft capabilities with remote device control, allowing attackers to hijack infected phones for fraudulent financial transactions. The... The post Alert: “Brokewell” Malware – New Threat Targets Bank Users with Remote Device Takeover appeared… Read more »

A significant vulnerability has been exposed in the widely-used Skylab IGX IIoT Gateway (CVE-2024-4163), allowing attackers to escalate their privileges and potentially take complete control of the affected devices. This flaw puts sensitive industrial... The post Skylab IGX IIoT Gateway Vulnerability (CVE-2024-4163): Root Access for Attackers appeared first on Penetration… Read more »

Postman, the tool beloved by developers for testing and building APIs, is unwittingly becoming a treasure trove for hackers. Security firm Truffle Security uncovered a shocking problem: thousands of live API keys, authentication tokens,... The post Thousands of API Secrets Exposed on Postman – Are Your Credentials At Risk? appeared… Read more »

Security researchers at Harfang Lab have uncovered an ongoing MuddyWater campaign that has been escalating since late 2023. MuddyWater, an Iranian state-backed hacking group, is exploiting the legitimate remote monitoring and management (RMM) solution... The post Iranian Hacker Group MuddyWater Abuses Legitimate Atera Software to Target Global Organizations appeared first… Read more »

SonicWall Capture Labs threat research team has recently uncovered sophisticated .NET managed code injection methods employed by the notorious AgentTesla malware, marking a significant advancement in malware delivery tactics. The detailed technical analysis provided... The post Hackers Employ Advanced Fileless Attack to Implant AgentTesla Malware appeared first on Penetration Testing. Read more »

Researchers at Rhino Security Labs have detailed a critical security flaw in Progress Flowmon, a widely used network monitoring tool. Identified as CVE-2024-2389, this vulnerability allows for unauthenticated command injection with a severity score... The post PoC Exploit Releases for Critical Progress Flowmon Bug – CVE-2024-2389 (CVSS 10) appeared first… Read more »

Recently, Zscaler ThreatLabz released its 2024 Phishing Report, revealing a disturbing evolution in phishing tactics fueled by generative AI technologies. This detailed analysis, based on over 2 billion phishing transactions in 2023, presents a... The post AI Powers a Phishing Frenzy – Zscaler Report Warns of Unprecedented Threat Wave appeared… Read more »

Security experts at Zscaler ThreatLabz have revealed a widespread campaign where hackers are hijacking legitimate web hosting platforms to distribute dangerous malware. By mimicking legitimate websites and using fraudulent search engine optimization (SEO) tactics,... The post Beware of Search Results: Hackers Using Fake Websites to Spread Malware appeared first on… Read more »