Microsoft Threat Intelligence has observed North Korea-linked APT Emerald Sleet using a new tactic, tricking targets into running PowerShell. Microsoft Threat Intelligence researchers spotted North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new…
Tag: Security Affairs
U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-40891 is a…
Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs
Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office…
Attackers exploit a new zero-day to hijack Fortinet firewalls
Fortinet warned of attacks using a now-patched zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls. Fortinet warned that threat actors are exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (CVSS score of 8.1), in FortiOS and FortiProxy to…
OpenSSL patched high-severity flaw CVE-2024-12797
OpenSSL patched the vulnerability CVE-2024-12797, a high-severity flaw found by Apple that enables man-in-the-middle attacks. The OpenSSL Project addressed a high-severity vulnerability, tracked as CVE-2024-12797, in its secure communications library. The OpenSSL software library allows secure communications over computer networks against eavesdropping…
Progress Software fixed multiple high-severity LoadMaster flaws
Progress Software fixed multiple vulnerabilities in its LoadMaster software, which could be exploited to execute arbitrary system commands. Progress Software has addressed multiple high-severity security vulnerabilities (CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, CVE-2024-56135) in its LoadMaster software. Progress Software’s LoadMaster is a high-performance load…
Artificial intelligence (AI) as an Enabler for Enhanced Data Security
Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. Artificial intelligence (AI) is transforming industries and redefining how organizations protect their data in today’s fast-paced digital world. With over…
Crooks use Google Tag Manager skimmer to steal credit card data from a Magento-based e-stores
Sucuri researchers observed threat actors leveraging Google Tag Manager (GTM) to install e-skimmer software on Magento-based e-stores. Sucuri researchers found threat actors using Google Tag Manager (GTM) to deploy e-skimmer malware on a Magento eCommerce site. Google Tag Manager (GTM)…
Operation Phobos Aetor: Police dismantled 8Base ransomware gang
Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The police took down the dark web data leak and…
Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’
Apple released iOS and iPadOS updates to address a zero-day likely exploited in extremely sophisticated attacks targeting specific individuals. Apple released emergency security updates to address a zero-day vulnerability, tracked as CVE-2025-24200, that the company believes was exploited in “extremely…