Recent Security News

  • Hackers start exploiting critical Atlassian Confluence RCE flaw

    January 22, 2024 at 08:45AM Security researchers detect exploitation attempts for the critical CVE-2023-22527 vulnerability affecting older Atlassian Confluence servers, potentially exposing them to remote code execution. Atlassian provides fixes for affected versions and reports multiple attempts to exploit the flaw, mainly from Russian IP addresses. Server administrators are advised to update to a secure…

    Read More

  • Owner of Cybercrime Website BreachForums Sentenced to Supervised Release

    January 22, 2024 at 07:18AM Owner of cybercrime website BreachForums, Conor Brian Fitzpatrick, is sentenced to time served and 20 years supervised release for conspiracy to commit device fraud, access device fraud, and possession of child pornography. Despite a recommendation of 188 months in prison, he’ll serve first 2 years under home arrest, with restrictions…

    Read More

  • 52% of Serious Vulnerabilities We Find are Related to Windows 10

    January 22, 2024 at 07:18AM Orange Cyberdefense analyzed 2.5 million vulnerabilities in their customer’s assets. The Security Navigator 2024 report details 129,395 incidents and 25,076 breaches, offering insights into digital threats and trends. The majority of findings are rated ‘High’ or ‘Medium’, with some remaining unresolved for over 150 days. Download the report for in-depth…

    Read More

  • NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

    January 22, 2024 at 07:18AM Cybersecurity researchers have uncovered a new Java-based information stealer, NS-STEALER, which uses a Discord bot to extract sensitive data from compromised systems. The malware disguises itself as cracked software within ZIP archives and exfiltrates data to a Discord Bot channel. The threat actors behind the Chaes malware have released an…

    Read More

  • Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

    January 22, 2024 at 06:12AM Mandiant reports that a Chinese cyberespionage group exploited a zero-day vulnerability in VMware vCenter Server (CVE-2023-34048) since 2021. The flaw allows remote code execution and was actively exploited, with evidence suggesting a sophisticated China-linked group, UNC3886, as responsible. VMware released patches and urged customers to apply them promptly. Key Takeaways…

    Read More