-
![Vulnerability Mastodon]()
Mastodon Rolls Out Urgent Security Update to Mitigate Critical Vulnerabilities Threatening Millions of Users
Mastodon, a decentralized social network with a user base exceeding 14 million, has issued a security update to address critical vulnerabilities that could expose its users to cyberattacks. The most severe vulnerability, CVE-2023-36460, allows attackers to exploit a glitch within the media attachments feature, enabling the creation and overwriting of files in any location that…
-
![Samsung Phones Vulnerabilities]()
CISA Adds Samsung Phone Vulnerabilities to Its “Must Patch” Vulnerabilities Catalog
In an ongoing effort to enhance cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) has identified and added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These additions are based on evidence of active exploitation in the wild, and they encompass a range of devices and manufacturers. The first new addition, CVE-2019-17621, refers to…
-
![Ultimate Member vulnerability]()
Critical Security Flaw in Ultimate Member WordPress Plugin Leaves Over 200,000 Sites at Risk
WordPress website owners are urged to be on high alert as hackers are exploiting a zero-day privilege escalation vulnerability in the ‘Ultimate Member’ WordPress plugin. This exploit allows attackers to compromise websites by bypassing security measures and creating rogue administrator accounts. Ultimate Member, a popular plugin with over 200,000 active installations, streamlines user profiles, membership…
-
![EncroChat EuroPol]()
EncroChat Takedown: Over 6,500 Arrests and €900 Million Seized in Blow to Organized Crime
The French and Dutch judicial and law enforcement authorities revealed in Lille today that the takedown of the encrypted communication tool EncroChat, in 2020, has resulted in 6,558 arrests worldwide, including 197 high-value targets. Nearly €900 million in criminal funds have been seized or frozen since the operation began. EncroChat was an encrypted communication tool…
-
![Twitter]()
UK Hacker Sentenced to 5 Years for Role in Massive Twitter Hack
A UK citizen involved in the July 2020 Twitter hack pleaded guilty to multiple cybercrimes in the US and was sentenced to 5 years in prison on Friday. Joseph James O’Connor, 24, was part of a conspiracy that hijacked over 130 Twitter accounts, including those of politicians and celebrities, to perpetrate a cryptocurrency scam. According…
-
![Apple IOS and MacOS]()
Apple Releases iOS 16.5.1 and iPadOS 16.5.1 with Critical Security Fixes
Apple has rolled out iOS 16.5.1 and iPadOS 16.5.1, addressing critical security vulnerabilities that could allow attackers to execute arbitrary code. The updates are available for iPhone 8 and later models, iPad Pro, iPad Air (3rd generation and later), iPad (5th generation and later), and iPad mini (5th generation and later). Apple’s approach to security…
-
![ChatGPT OpenAI data breach]()
Surge in Compromised ChatGPT Accounts
Group-IB, a leading cybersecurity company based in Singapore, reported that over the past year it has identified a staggering 101,134 instances of stealer-infected devices with saved ChatGPT credentials. Group-IB’s Threat Intelligence platform made this discovery through analyzing logs of information-stealing malware, which were being traded on illicit dark web marketplaces. The Rising Threat to ChatGPT…
-
![Azure AD]()
Descope Security Team Uncovers “nOAuth” Flaw in Microsoft Azure AD OAuth Applications
The Descope security team has recently uncovered a significant security vulnerability in Microsoft Azure AD OAuth applications, which they have dubbed “nOAuth”. This term has been coined to denote an authentication implementation flaw, with a touch of wordplay. nOAuth is an authentication implementation flaw that primarily affects Microsoft Azure AD multi-tenant OAuth applications. According to…
-
![AI Robot cybersecurity]()
Cybersixgill Breaks New Ground with Launch of AI-Driven Cyber Threat Intelligence Solution, Cybersixgill IQ
Global cyber threat intelligence data provider, Cybersixgill, has announced the launch of “Cybersixgill IQ”, a state-of-the-art generative artificial intelligence (AI) solution. This groundbreaking development in the realm of cyber threat intelligence (CTI) leverages dark web data, Open Source Intelligence (OSINT), and contextual information pertaining to organizations’ attack surfaces. The announcement was strategically timed ahead of…
-
![]()
U.S. Law Enforcement Arrests Russian National for Role in LockBit Ransomware Attacks
The US Department of Justice (DoJ) has announced the arrest of a Russian national accused of participating in cyber-attacks using the LockBit ransomware. Ruslan Magomedovich Astamirov, a 20-year-old from the Chechen Republic, allegedly targeted computer systems in the United States, Asia, Europe, and Africa. This marks the second arrest in six months involving a Russian national…
