Adobe Patches Code Execution Flaws in Substance 3D Stager

January 9, 2024 at 12:54PM Adobe released patches for six security vulnerabilities in Substance 3D Stager, warning of potential code execution attacks. The ‘important-severity’ issues affect macOS and Windows users and could lead to memory leaks and arbitrary code execution. Adobe recommends immediate updates to version 2.1.4 to mitigate these risks, with no known in-the-wild …

Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle

December 12, 2023 at 03:36PM Adobe issued fixes for code execution vulnerabilities in Illustrator, Substance 3D Sampler, and After Effects, addressing at least 207 security flaws. Notably, critical-severity issues affected Adobe Substance 3D Sampler, Illustrator, and After Effects on various platforms. Additionally, a major Adobe Experience Manager patch was released to address 185 documented bugs. …

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

November 15, 2023 at 09:45AM A critical security flaw in Apache ActiveMQ, tracked as CVE-2023-46604, allows threat actors to execute arbitrary code in memory. The flaw has been exploited by ransomware groups, deploying ransomware like HelloKitty and a strain similar to TellYouThePass, as well as a remote access trojan called SparkRAT. The attacks rely on …

Hackers exploit recent F5 BIG-IP flaws in stealthy attacks

November 1, 2023 at 10:54AM F5 is warning administrators of their BIG-IP devices about skilled hackers exploiting recently disclosed vulnerabilities. These hackers erase signs of their access and achieve stealthy code execution. Two critical vulnerabilities were identified, and F5 has urged admins to apply available security updates. The vulnerabilities allow for authentication bypass and SQL …

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

November 1, 2023 at 08:49AM Threat actors are continuously publishing malicious NuGet packages as part of an ongoing campaign, exploiting code execution capabilities. The campaign, which began in August, has seen hundreds of malicious packages placed in the NuGet repository. The threat actors adapt their tactics, utilizing typosquatting and placing malicious functionality in .targets files …

Malicious NuGet packages abuse MSBuild to install malware

October 31, 2023 at 10:29AM A new NuGet typosquatting campaign has been discovered that uses malicious packages to exploit Visual Studio’s MSBuild integration and install malware. This campaign targets Windows users and is the first documented case of threat actors leveraging this feature in malicious NuGet packages. The attackers continually refine their techniques, with earlier …

UAE Cyber Council Warns of Google Chrome Vulnerability

October 30, 2023 at 02:49PM The UAE Cybersecurity Council warns of a high-risk vulnerability in Google Chrome that allows remote code execution. They recommend updating to the latest version to protect against potential threats. The council’s warning follows similar actions by the Qatar National Cyber Security Agency and other countries addressing vulnerabilities in Adobe and …

Apple Ships Major iOS, macOS Security Updates

October 25, 2023 at 03:57PM Apple released major security updates for macOS and iOS, addressing numerous vulnerabilities that could potentially lead to hacker attacks. The updates address a total of 21 iOS security vulnerabilities and 44 macOS flaws, including code execution and data exposure issues. Apple also patched an already-exploited vulnerability reported by Kaspersky. The …

Google links WinRAR exploitation to Russian, Chinese state hackers

October 18, 2023 at 12:49PM Google’s Threat Analysis Group has identified state-backed hacking groups, including Sandworm, APT28, and APT40, exploiting a vulnerability in WinRAR, a popular compression software. The bug allows attackers to execute arbitrary code on users’ systems. Despite a patch being available, many users remain vulnerable. The bug has been exploited since April, …

Google links WinRAR exploitation to multiple state hacking groups

October 18, 2023 at 11:16AM State-backed hacking groups, including Sandworm, APT28, and APT40, are exploiting a vulnerability in WinRAR to execute arbitrary code on targeted systems. The bug, known as CVE-2023-38831, has been exploited since April 2023, enabling threat actors to deliver various malware payloads. Despite a patch being available, many users remain vulnerable. Google …