Blog
Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates
Key vulnerabilities include log manipulation in PHP-FPM (CVE-2024-9026), bypassing redirect configurations (CVE-2024-8927), CGI parameter injection vulnerability (CVE-2024-8926), and erroneous parsing of multipart form data (CVE-2024-8925).
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's...
U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails
The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to...
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now...
Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by...
THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 23-29)
Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing...
A Hacker’s Era: Why Microsoft 365 Protection Reigns Supreme
Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in...
Storm-0501 Expands Ransomware Attacks to Hybrid Cloud Environments
Microsoft has detected Storm-0501 using Cobalt Strike for lateral movement across networks and deploying Embargo ransomware on victim organizations in hybrid cloud setups.
Storm-0501 Expands Ransomware Attacks to Hybrid Cloud Environments
Microsoft has detected Storm-0501 using Cobalt Strike for lateral movement across networks and deploying Embargo ransomware on victim organizations in hybrid cloud setups.
Storm-0501 Expands Ransomware Attacks to Hybrid Cloud Environments
Microsoft has detected Storm-0501 using Cobalt Strike for lateral movement across networks and deploying Embargo ransomware on victim organizations in hybrid cloud setups.
FREE GUIDE
