News • Insights • Analysis
Google’s Threat Analysis Group (TAG) observed multiple in-the-wild exploit campaigns, between November 2023 and July 2024, delivered from a watering hole attack on Mongolian government websites. The campaigns first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 Read More …
Fortra has released security advisories addressing a critical vulnerability and a high severity vulnerability found in FileCatalyst Workflow. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks. CVE-2024-6632 is an SQL Read More …
In an increasingly digital world, the importance of mobile security cannot be overstated. With millions of apps available on Google’s Play Store and Apple’s App Store, users trust developers to safeguard their personal information. Unfortunately, this trust is often misplaced. Read More …
A recent study by a cybersecurity firm confirmed that the Dutch solar energy grid is vulnerable to multiple types of attacks on its system. A new study by a cybersecurity firm confirmed that one of Europe’s largest solar energy grids Read More …
Stalkerware researcher maia arson crimew strikes again. Big time. We know maia as a researcher that loves to go after stalkerware peddlers, which Malwarebytes—as one of the founding members of the Coalition Against Stalkerware—loves to see. The investigation into Tracki, Read More …
Microsoft has released the monthly round of Patch Tuesday security updates, with fixes for a total of 90 vulnerabilities across the Windows ecosystem. Of these, the Microsoft Security Response Center warns that five Windows vulnerabilities have confirmed and active cyber Read More …
This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. This is made possible through the abuse of GitHub Read More …
5G basebands could be exploited by attackers to allow them to send fake messages to your contacts, or even hand over your credentials using a very real-looking website, experts have warned. Unveiled at the Black Hat cybersecurity conference, a research Read More …
Large language models (LLMs) – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. Systems built on instruction-executing LLMs may be vulnerable to prompt injection attacks. A prompt is a Read More …
A version-rollback vulnerability has been discovered by a cybersecurity researcher that allows a fully patched Windows machine to be downgraded to older version, allowing the exploitation of previously patched zero-days and vulnerabilities. Alon Leviev unveiled his findings at Black Hat Read More …
