Shopping News / Articles
New IoT Botnet Uses 1,496 Default Passwords and Seven Persistence Mechanisms
2+ hour, 3+ min ago (429+ words) The malware targets a broad range of Linux-based systems and uses Telnet credential brute forcing, scanning modules, encrypted command-and-control (C2), and multiple resilience features The botnet carries 1,496 username-and-password pairs aimed at devices still using factory or commonly reused credentials. Its Telnet…...
SonicWall SMA1000 Flaws Actively Exploited for SSRF and Remote Code Execution
22+ hour, 55+ min ago (296+ words) The flaws, tracked as CVE-2026-15409 and CVE-2026-15410, allow attackers to chain an unauthenticated SSRF bug with a post-authentication code injection flaw to achieve full remote code execution on affected devices. CVE-2026-15409 is a maximum-severity Server-Side Request Forgery (SSRF) vulnerability (CWE…...
Microsoft Warns ShinyHunters Abuse OAuth Tokens to Maintain Persistent Salesforce Access
2+ day, 3+ hour ago (322+ words) Microsoft has warned that threat actors using tradecraft linked to the ShinyHunters extortion group are abusing trusted OAuth relationships to gain persistent access to Salesforce environments, steal CRM data, and evade traditional sign-in detections. The attackers relied on three primary…...
Multiple U-Boot FIT Signature Vulnerabilities Enable Code Execution and DoS Attacks
6+ day, 2+ hour ago (543+ words) A newly disclosed six vulnerabilities in U-Boot, one of the most widely deployed bootloaders in embedded systems, routers, IoT devices, and Baseboard Management Controllers (BMCs) used in data center servers. The flaws reside in the FIT (Flattened Image Tree) Signature…...
Wireshark 4.6.7 Fixes 12 Security Flaws Causing Crashes and Infinite Loops
5+ day, 21+ hour ago (459+ words) Wireshark has released version 4.6.7, addressing 12 security vulnerabilities that could lead to application crashes, information disclosure, and resource exhaustion via maliciously crafted network traffic or capture files. Because the tool processes untrusted packet data and capture files, flaws in its protocol…...
Hackers Abuse CitrixBleed 2 to Steal Session Tokens and Bypass MFA Protections
5+ day, 23+ hour ago (378+ words) They progressed through privilege escalation, rogue administrator account creation, remote management tool deployment, and, in one confirmed case, the deployment of the DragonForce ransomware. The activity is assessed with high confidence to involve an Initial Access Broker, or possibly a…...
Microsoft Warns GigaWiper Merges Crucio and FlockWiper Code Into Destructive Backdoor
6+ day, 2+ hour ago (394+ words) Microsoft has warned of a new destructive malware platform called GigaWiper, a Golang-based backdoor designed to give attackers persistent access, remote control, data collection, and several options for destroying Windows systems. Researchers found both standalone wiper samples and larger backdoor…...
Fake Braintree Package Steals Credit Cards Only in Production to Avoid Detection
6+ day, 3+ hour ago (435+ words) A highly sophisticated malware campaign was recently discovered lurking within the NuGet ecosystem, targeting developers who use the popular Braintree payment gateway. Security researchers at Socket flagged a malicious package named “Braintree.Net,” which masquerades as the official Braintree.NET…...
AI-Assisted Cloud Attack Compromises AWS Environment in Just 72 Hours
6+ day, 15+ hour ago (331+ words) A threat actor leveraging AI-assisted tooling breached a large AWS-based environment and expanded across applications, cloud infrastructure, source-control repositories, CI/CD pipelines, and runtime services in approximately 72 hours, according to a new investigation by incident response firm Sygnia. The case…...
Fake Chinese VPN Drops GoodPersonRAT With Keylogging, Proxying, and Telegram Theft
1+ week, 3+ hour ago (408+ words) The legitimate VPN service is highly popular for its ability to bypass China’s Great Firewall. However, attackers are exploiting its reputation to deploy hidden malware. This fake installer drops a dangerous, encrypted Remote Access Trojan (RAT) that grants attackers complete…...
Shopping
Please enter a search for detailed shopping results.