A threat actor called 'Blue Mockingbird' is exploiting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by taking over system resources. The attacker exploited CVE-2019-18935, a critical severity (CVSS v3.1…

Citrix is advising users of its Application Delivery Management (ADM) solutions to update their systems to protect themselves from two newly discovered vulnerabilities tracked under CVE-2022-27511 and CVE-2022-27512. The first vulnerability could allow…

The Shoprite Group, one of the largest supermarket chains in Southern Africa, has been infected with ransomware. The chain recently issued a statement announcing the cyberattack for which the RansomHouse ransomware group claimed responsibility. The…

A team of researchers from Purdue University, the University of California, Santa Barbara, and Swiss Federal Institute of Technology Lausanne (EPFL) received a $3.9 million grant from the Defense Advanced Research Projects Agency (DARPA) in support of…

A team of researchers from North Carolina State University and Dokuz Eylul University demonstrated the first side-channel attack on homomorphic encryption, which could be used to leak data while the encryption process is in progress. They were not able…

According to an investigation by Cybernews, free VPN software provider BeanVPN has reportedly left almost 20GB of connection logs accessible to the public.  Cybernews stated that the cache of 18.5GB connection logs allegedly contained more than 25…

According to new Microsoft research, two of the most prolific affiliate threat organizations, DEV-0237 and DEV-0504, which have been linked to various ransomware families, including Hive, Conti, and Ryuk, are now using the BlackCat Ransomware-as-a-…

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory on protection against cyber threats…

SAP, a business software and solutions provider, recently released several new security notes on its June 2022 security patch day.  In particular, the document outlined ten new notes and two updated ones.  One vulnerability mentioned in SAP's…

Around March 2022, a new peer-to-peer botnet called Panchan emerged in the wild, mining cryptocurrencies on Linux computers in the education sector. Panchan is equipped with SSH worm functions such as dictionary attacks and SSH key abuse, allowing rapid…

On March 29, the FBI issued a warning about an ongoing and extensive phishing campaign aimed at US election officials. Since October 2021, attackers have attempted to obtain officials' login credentials in at least nine states by using fake invoice…

Security researchers at Digital Shadows Photon Research stated that passwordless technology might be one of the most hyped categories in cybersecurity at the moment, but the reality on the ground is that passwords are still widely entrenched and wildly…