Blog
Critical GeoServer Flaw Enabling Global Hack Campaigns
The flaw in GeoServer, tracked as CVE-2024-36401 and with a CVSS score of 9.8, was swiftly capitalized on by hackers who launched campaigns using botnet families and cryptominers to spread malicious tools like Goreverse, a reverse proxy server.
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free
Designed to be more than a one-time assessment—Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management Just like...
Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor
Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has...
SonicWall SSLVPN Access Control Flaw is Now Exploited in Akira Ransomware Attacks
Initially believed to affect only SonicOS management access, the flaw has now been confirmed to affect SSLVPN on SonicWall firewalls as well, and it is being exploited by attackers including Akira ransomware affiliates, who target accounts with disabled MFA and outdated firmware versions.
New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys
Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent. The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher...
Feds Warn Health Sector to Patch Apache Tomcat Flaws
The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center highlighted the ongoing discovery of vulnerabilities in Tomcat that pose a risk to organizations.
Red Hat Issues Critical Patch for Pulpcore Authentication Bypass Flaw (CVE-2024-7923)
Red Hat has issued a critical security advisory for an authentication bypass vulnerability (CVE-2024-7923) in Pulpcore, a content management system used in Red Hat Satellite deployments.
TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign
A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers in Taiwan as part of a cyber attack campaign that commenced in 2024. Trend Micro is tracking the adversary under the moniker TIDRONE,...
U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks
The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet Blizzard to the General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155). "These cyber actors are...