News

In a concerning development for cybersecurity, thousands of Palo Alto Networks firewalls have been compromised via two recently patched zero-day vulnerabilities. These security flaws include an authentication bypass (CVE-2024-0012) within the PAN-OS management web interface, allowing unauthorized users to gain admin-level access, and a privilege escalation vulnerability (CVE-2024-9474) that enables

Microsoft Halts WinAppSDK Update Following Issues with Windows 10 App Management Since November 12, Microsoft has acknowledged a technical issue impacting some Windows 10 users, preventing them from updating or uninstalling certain applications like Microsoft Teams. This complication arises from the deployment of the WinAppSDK version 1.6.2 package,

In the wake of a recent system outage involving cybersecurity firm CrowdStrike, Microsoft has introduced its latest tool aimed at enhancing resilience and recovery for businesses. Dubbed ‘Quick Machine Recovery,’ this feature promises to streamline the process of restoring critical systems swiftly after unexpected disruptions. Background The move comes after

In a significant cybersecurity incident, a French hospital has suffered a data breach compromising the medical records of over 750,000 patients. This alarming event highlights the vulnerabilities in protecting sensitive healthcare information. Details of the Breach A hacker, self-identified as "nears," claims responsibility for infiltrating multiple healthcare

A recent investigation has unveiled the alarming exposure of over 145,000 Industrial Control Systems (ICS) on the internet, spanning 175 countries. The United States leads with the highest number of exposed systems, constituting more than a third of the total. Regional Exposure: North America: 38% - Europe: 35.4%

The rapid growth of BlueSky, driven by users migrating from other social networks like X (formerly Twitter), is attracting not just individuals but also cybercriminals. Recently surpassing the 20 million user mark, BlueSky has become a new target for cryptocurrency scams, according to observations by BleepingComputer. Emergence of Scams As

North Korean-linked cyber actors are posing as U.S.-based software and technology firms to secure funds for national objectives, according to a recent report by security researchers from SentinelOne, Tom Hegel, and Dakota Cary. Deceptive Tactics and Global Network In a coordinated global campaign identified as Wagemole by Palo

Google has announced that its AI-enhanced fuzzing tool, OSS-Fuzz, has uncovered 26 vulnerabilities in various open-source projects. Among these is a medium-severity flaw in the widely used OpenSSL cryptographic library. According to Google's open-source security team, these discoveries mark a significant achievement in automated vulnerability detection, all identified

An advanced version of the NodeStealer malware, previously identified by Meta in May 2023, has evolved to aggressively target Facebook Ads Manager accounts, escalating its threat by extracting credit card information directly from web browsers. Research Findings According to a Netskope Threat Labs report shared with The Hacker News, NodeStealer