According to a team of researchers from Arizona State University, the University of New Mexico, the University of Michigan, and the University of Toronto's Citizen Lab, Virtual Private Networks (VPNs) are impacted by a vulnerability that can lead to Man-in-the-Middle (MitM) attacks, allowing threat actors to intercept and redirect traffic. The attack technique called "Port Shadow" builds on research first presented by Benjamin Mixon-Baca and Jedidiah R. Crandall in 2021. This article continues to discuss the Port Shadow technique.

Boat dealer MarineMax has started informing more than 123,000 individuals about a data breach resulting from a ransomware attack launched against the company earlier this year. The incident came to light in March, when the company revealed in an SEC filing that it was targeted in a cyberattack that had caused some disruption.

Researchers at Cybernews gained root access to the Rabbit R1 Artificial Intelligence (AI) personal assistant by exploiting a five-year-old vulnerability, cautioning consumers against purchasing a used Rabbit R1. According to the Cybernews research team, the device is vulnerable to an exploit called "Kamakiri," which has been public since January 2019 and affects several MediaTek Systems on Chip (SoCs). The Rabbit R1 runs on the MediaTek MT6765V SoC.

A popular cybercrime tool called "AuKill" that tampers with security solutions now kills protected Windows processes used by Endpoint Detection and Response (EDR) tools. "FIN7," also known as "Carbanak," "Carbon Spider," "Cobalt Group," and "Navigator Group" developed AuKill. It is a program designed to undermine endpoint security, employing over 10 different user and kernel mode techniques. This article continues to discuss findings regarding the AuKill cybercrime tool. 

Cisco has fixed a critical flaw that enables attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. The security vulnerability stems from an unverified password change flaw in SSM On-Prem's authentication system. The successful exploitation of this vulnerability lets unauthenticated, remote attackers change user passwords without knowing the original password. This article continues to discuss the potential exploitation and impact of the Cisco SSM On-Prem bug.

According to a Netskope study, 96 percent of organizations now use generative Artificial Intelligence (AI) applications, raising the risk of sharing sensitive data with these public tools. The report discovered that the sharing of proprietary source code with generative AI applications has resulted in 46 percent of all data policy violations. This article continues to discuss the use of generative AI applications by organizations, the risks posed by this use, and suggested security controls.

According to Legit Security, most GitHub Actions are overly privileged or have risky dependencies. The GitHub Actions marketplace's security was found to be especially poor, with most custom Actions not verified, maintained by one developer, or generating low scores based on the OpenSSF Scorecard. Insecure GitHub Actions enable attackers to compromise open source and launch supply chain attacks. They could use them as an initial attack vector into organizations that use GitHub. This article continues to discuss security-related findings regarding GitHub Actions.

Researchers believe cybercriminals in Iraq secretly posted malicious Python code to the popular PyPl repository. According to a report by the cybersecurity company Checkmarx, the cybercriminals used the malware to exfiltrate sensitive user data to a Telegram chatbot connected to multiple cybercriminal operations in Iraq. This article continues to discuss Iraq-based cybercriminals' deployment of malicious Python packages to steal data.

Researchers have discovered an updated variant of "BeaverTail" stealer malware used by attackers affiliated with the Democratic People's Republic of Korea (DPRK). According to security researcher Patrick Wardle, an Apple macOS disk image (DMG) file named "MiroTalk.dmg" mimics the legitimate video call service of the same name but delivers a native version of "BeaverTail." BeaverTail is a JavaScript stealer malware first documented by Palo Alto Networks Unit 42 in November 2023 as part of the "Contagious Interview" campaign.

Atlassian has released security updates to address several critical vulnerabilities in its Bamboo, Confluence, and Jira products. The software vendor called attention to the Bamboo Data Center and Server updates, which resolve two high-severity bugs, including one impacting the UriComponentsBuilder dependency. The flaw enables an unauthenticated attacker to execute Server-Side Request Forgery (SSRF) attack. This article continues to discuss the high-severity vulnerabilities recently patched in Atlassian's Bamboo, Confluence, and Jira products.