9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software

Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. “This gives the

Read More

New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors

Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. “SockDetour is a backdoor that

Read More

Iran's MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks

Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. “MuddyWater actors are positioned both to provide stolen

Read More

Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks

The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country’s full-blown invasion of Ukraine enters the second day. In addition to cautioning of the “threat of an increase in the intensity of

Read More

New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager

Multiple security vulnerabilities have been disclosed in Canonical’s Snap software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on

Read More

Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks

Microsoft has warned of emerging threats in the Web3 landscape, including “ice phishing” campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it’s still in its early

Read More

Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites

Patches have been issued to contain a “severe” security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site’s private data using an account on the vulnerable sites. “All versions of

Read More

U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The “Free Cybersecurity Services

Read More

CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that

Read More