The Information Highway


all things technology risk and cybersecurity

Critical RCE vulnerability in ZCS


Threat update

There is a critical remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS) version 9.0, tracked as CVE-2024-45519. The vulnerability allows unauthenticated attackers to remotely execute arbitrary commands by exploiting weaknesses in Zimbra's SMTP PostJournal service. 


Fake browser updates spread updated WarmCookie malware


A new 'FakeUpdate' campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie backdoor.


CISA: Network switch RCE flaw impacts critical infrastructure


U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure.


Critical flaw in NVIDIA Container Toolkit allows full host takeover


A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premises environment that rely on it to access GPU resources.


Embargo ransomware escalates attacks to cloud environments


Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. 


New RomCom malware variant 'SnipBot' spotted in data theft attacks


A new variant of the RomCom malware, called SnipBot, has been used in attacks that pivot on the network to steal data from compromised systems.


Kia dealer portal flaw could let attackers hack millions of cars


A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate. 


Global infostealer malware operation targets crypto users, gamers


A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo." 


SolarWinds ARM vulnerabilities


Threat update

SolarWinds has issued patches to address two vulnerabilities in its Access Rights Manager (ARM) software. One of the two is a critical vulnerability that can lead to remote code execution (RCE).




Dell investigates data breach claims after hacker leaks employee info


Dell has confirmed that it is investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees.


CISA warns of actively exploited Apache HugeGraph-Server bug


The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. 


Ivanti warns of another critical CSA flaw exploited in attacks


Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers.


FTC exposes massive surveillance of kids, teens by social media giants


A Federal Trade Commission (FTC) staff report has found that social media and video streaming companies have been engaging in widespread user surveillance, particularly of children and teens, with insufficient privacy protections, while earning billions of dollars annually by monetizing their data.


X hacking spree fuels "$HACKED" crypto token pump-and-dump


An X account hacking spree has fueled a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin.


Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware


Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks.


GitLab releases fix for critical SAML authentication bypass flaw


GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE).


FBI tells public to ignore false claims of hacked voter data


The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public to false claims that U.S. voter registration data has been compromised in cyberattacks.


Malware locks browser in kiosk mode to steal Google credentials


A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.


Port of Seattle hit by Rhysida ransomware in August attack


Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks.


RansomHub claims Kawasaki cyberattack, threatens to leak stolen data


Kawasaki Motors Europe has announced that it is recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data.


Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023