17/68 Tuesday, January 14, 2025 Cybercriminals are employing a new deception technique to bypass Apple iMessage’s anti-phishing system, which automatically disables links in messages from unknown senders, whether from email addresses or phone numbers. By tricking users into replying to the message or adding the sender to their contact list, the links become active, placing […]
16/68 Monday, January 13, 2025 Telefónica, a Spanish telecommunications giant, has confirmed that its internal ticketing system was hacked after stolen data was published on a hacking forum. The company revealed that it has blocked access to the system and is conducting a thorough investigation into the incident. Telefónica, one of Spain’s largest multinational telecommunications […]
15/68 Monday, January 13, 2025 Fortinet, a leading cybersecurity company, has issued a warning about a new phishing campaign that deceives PayPal users by using highly convincing links that appear legitimate to gain unauthorized access to user accounts. The phishing emails are meticulously crafted to mimic genuine PayPal notifications, including details such as payment information, […]
14/68 Friday, January 10, 2025 SonicWall has urged its customers to promptly upgrade the SonicOS firmware of their firewalls to mitigate an authentication bypass vulnerability identified as CVE-2024-53704, with a CVSS score of 8.2. This vulnerability affects the SSL VPN and SSH management features, posing a significant risk to users who have enabled these features. […]
13/68 Friday, January 10, 2025 Ivanti, a provider of cybersecurity solutions, has disclosed the exploitation of a zero-day vulnerability identified as CVE-2025-0282 in its Ivanti Connect Secure product. This vulnerability allows hackers to execute remote code and install malware on affected systems. CVE-2025-0282 is classified as a critical buffer overflow vulnerability with a severity score […]
12/68 Thursday, January 9, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities in Oracle WebLogic Server and Mitel MiCollab to its Known Exploited Vulnerabilities (KEV) catalog after these vulnerabilities were found to be actively exploited in real-world attacks. The Oracle WebLogic Server vulnerability, identified as CVE-2020-2883, has a CVSS score of […]
11/68 Thursday, January 9, 2025 Cybercriminals are increasingly leveraging artificial intelligence (AI) to craft sophisticated and convincing phishing emails that are difficult to detect. This has resulted in a significant rise in successful attacks. According to Egress, an email security service provider, 71% of AI-generated phishing emails can bypass email filtering and security systems, putting […]
10/68 Wednesday, January 8, 2025 Tenable, the developer of the “Nessus” vulnerability scanning tool, has announced the deactivation of Nessus Scanner Agent versions 10.8.0 and 10.8.1 after discovering that “differential” plugin updates caused the agents to go offline on some systems. As a precaution, the company has temporarily halted plugin updates while investigating and addressing […]
09/68 Wednesday, January 8, 2025 Kaspersky security researchers have disclosed details about EagerBee, a backdoor malware developed to enhance its stealth capabilities and post-infection operations. This malware has been used to attack key organizations in Middle Eastern countries, with attackers targeting Internet Service Providers (ISPs) and government agencies. EagerBee demonstrates advanced technological capabilities by operating […]
08/68 Tuesday, January 7, 2025 A high-severity vulnerability has been discovered in Nuclei, an open-source vulnerability scanning tool, identified as CVE-2024-43405 with a CVSS score of 7.4. This vulnerability allows attackers to bypass signature verification and inject malicious code into templates. According to Wiz’s security team, the issue arises from differences in newline character handling […]
