News
  • "Pre-auth RCE in Oracle Fusion Middleware Exploited in the Wild (CVE-2021-35587)"
    The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a pre-authentication Remote Code Execution (RCE) flaw in Oracle Access Manager (OAM), tracked as CVE-2021-35587, which was fixed in January…
  • "Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign"
    A campaign called "Bleed You" is attempting to exploit a known Remote Code Execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and over 1,000 systems are unpatched and vulnerable. According to a new report from…
  • "Acer Fixes UEFI Bugs That Can Be Used to Disable Secure Boot"
    Acer has patched a critical vulnerability affecting several laptop models that could allow local attackers to disable Unified Extensible Firmware Interface (UEFI) Secure Boot on targeted systems. The Secure Boot security feature thwarts untrusted…
  • "Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware"
    According to new Checkmarx research, threat actors are exploiting a popular TikTok challenge to trick users into downloading information-stealing malware. The Invisible Challenge trend involves using a filter called Invisible Body, which only leaves a…
  • "SocGholish Finds Success Through Novel Email Techniques"
    Proofpoint researchers have revealed more technical details about SocGholish, the malware variant they discovered earlier in November, emphasizing its tactics that differ from traditional phishing campaigns. SocGholish deviates from the norm by doing…
  • "Cisco Identifies Vulnerabilities in Identity Services Engine"
    High-level vulnerabilities in Cisco Systems' network access control solution could allow an authenticated, remote attacker to inject arbitrary operating system commands, bypass security safeguards, and execute Cross-Site Scripting (XSS) attacks. Four of…
  • "What's Next in Cybersecurity"
    Hacking is an unavoidable constant in the cybersecurity industry, which is expected to spend $150 billion this year without actually being able to stop hackers. This year has seen Russian government hacks against Ukraine, an increase in ransomware…
  • "Google Releases Patch for Zero-Day Chrome Vulnerability"
    Google has started rolling out a patch for a critical security flaw affecting the desktop version of its Chrome browser. The vulnerability, tracked as CVE-2022-4135, impacts Chrome for Windows, Mac, and Linux. Google is aware of an exploit for the high-…
  • "FIFA World Cup Fans Warned Amid Rise of Cyber Attacks"
    Security experts have seen a sharp rise in the number of fake streaming websites for the FIFA World Cup 2022 and other related scams. These sites are stealing user data and infecting users’ sites with downloaded malware. Some of the sites pull fans in by…
  • "India's AIIMS Hit by Outages After Cyberattack"
    The All India Institute of Medical Sciences (AIIMS), India's leading public medical institute, is experiencing outages due to a cyberattack. Hundreds of patients and doctors are affected by the outages, which include patient admission, discharge, and…
  • "ConnectWise Fixes XSS Vulnerability That Could Lead to Remote Code Execution"
    Remote monitoring and management (RMM) platform ConnectWise has recently patched a cross-site scripting (XSS) vulnerability that could lead to remote code execution (RCE). Security researchers at Guardio Labs noted that threat actors could exploit…
  • "Cybercrime Carnage: Cryptocurrency-Targeting Attacks Abound"
    Theft of cryptocurrency has grown to be a significant component of cybercrime. Despite the fallout from the collapse of cryptocurrency exchange FTX, which declared bankruptcy on November 11, illicit interest in cryptocurrency continues. Bitcoin still has…