Latest Cybersecurity News and Articles


Hackers Linked to Russia and Belarus Increasingly Target Latvian Websites, Officials Say

06 September 2024
Hackers from Russia and Belarus are increasingly targeting Latvian government and critical infrastructure websites in politically motivated cyberattacks, according to Latvian cybersecurity officials.

US Posts Indictments, Rewards in Russia’s WhisperGate Hacks Against Ukraine

06 September 2024
The US has indicted members of Russian military intelligence unit 29155 for cyber-operations including WhisperGate hacks against Ukraine, offering up to $10 million for information.

Malvertising Campaign Phishes Lowe's Employees

06 September 2024
The fake landing pages closely mimicked the real Lowe's portal, prompting employees to enter their sales numbers, passwords, and security question answers, which then were sent to attackers.

White House Launches Cybersecurity Hiring Sprint To Help Fill 500,000 Job Openings

06 September 2024
The White House has launched a cybersecurity hiring sprint to fill 500,000 job openings, part of a program to address the ongoing shortage in cyber, technology, and AI positions.

CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise

06 September 2024
The CVE-2024-26581 PoC exploit has been disclosed, posing a risk to Linux systems by allowing root compromise. The flaw exists in the nft_set_rbtree function within the Linux kernel, enabling attackers to access sensitive data on affected systems.

Respotter: Open-Source Responder Honeypot

06 September 2024
Respotter is an open-source honeypot designed to detect attackers when they launch Responder within your environment. This application identifies active instances of Responder by exploiting its behavior when responding to any DNS query.

New research shows 12% of CISOs faced budget declines in 2024

06 September 2024
Research reveals the impact the global economy is having on security budgets. 

Goffloader: In-Memory Execution, No Disk Required

06 September 2024
Praetorian has uncovered GoffLoader, an in-memory execution tool that allows security professionals to run BOF and unmanaged Cobalt Strike PE files directly in memory without writing to disk.

Use of Predator Spyware Rebounds After a Dip From Biden Sanctions, Researchers Say

06 September 2024
Despite facing sanctions, Predator has managed to attract new customers and has been detected in various countries, including the Democratic Republic of Congo and Angola.

Infosec Spending to Hit 3-Year Growth Peak, Reach $212B Next Year: Gartner

06 September 2024
Global spending on information security is on track to reach nearly $212 billion next year, with a projected 15% increase from 2024. The majority of this spending is in security software, particularly in endpoint protection platforms.

Critical Vulnerability Discovered in Progress LoadMaster

06 September 2024
Progress Software has alerted users to a critical vulnerability (CVE-2024-7591) in its LoadMaster ADC and load balancer solution. The flaw, with a CVSS score of 10, allows remote attackers to execute system commands without authentication.

Head Mare Hacktivist Group Targets Russia and Belarus

06 September 2024
The group, active since at least 2023, exclusively targets companies in these countries. They use modern techniques to gain initial access to systems, primarily through phishing emails with custom malware like PhantomDL and PhantomCore.

Webmin/Virtualmin Vulnerability Opens Door to Loop DoS Attacks

06 September 2024
A critical vulnerability (CVE-2024-2169) in Webmin/Virtualmin control panels allows for launching DoS attacks. This flaw reveals IP addresses through the UDP service on port 10000, enabling attackers to create a loop of traffic between servers.

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025

06 September 2024
The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However,

Critical Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published

06 September 2024
CVE-2024-20017 is a critical zero-click exploit found in popular Wi-Fi chipsets like MediaTek MT7622/MT7915. The vulnerability allows remote code execution without user interaction, posing a severe risk with a CVSS score of 9.8.

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

06 September 2024
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.  "The plugin suffers from an

Fake OnlyFans Tool Backstabs Cybercriminals, Steals Passwords

06 September 2024
A fake OnlyFans tool circulating among hackers promises to help steal accounts but actually infects them with the Lumma stealer malware, as discovered by Veriti Research.

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

06 September 2024
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

06 September 2024
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account. "Using laws from the pre-smartphone era to charge a CEO with crimes committed

A new malware named “Voldemort” may be a cyber espionage campaign

06 September 2024
New research shows the growth of a new malware campaign called “Voldemort.”