Featured
Critical VPN Client Vulnerabilities Allow Attackers to Deploy Malware Through Fake Servers
Security researchers have discovered severe flaws in Palo Alto Networks' GlobalProtect and SonicWall's NetExtender VPN clients that enable attackers to execute malicious code through rogue VPN servers. The vulnerabilities could allow credential theft and system compromise through unauthorized software updates with elevated privileges.
D-Link Refuses Security Patches for 60,000 Vulnerable DSL Modems
D-Link has announced it won't patch critical security vulnerabilities affecting 60,000 DSL6740C modems still in use, leaving users exposed to potential cyberattacks. Multiple severe flaws were discovered, including ones that allow unauthorized password changes and remote code execution.
Major Retailers Face Disruption as Blue Yonder Hit by Ransomware Attack
A significant ransomware attack on supply chain software provider Blue Yonder has impacted operations at Starbucks and major UK supermarkets. The incident highlights the widespread effects of cyber attacks on supply chain services, forcing companies to implement manual workarounds while recovery efforts continue.
U.S. Army Soldier Suspected in Snowflake Cloud Storage Extortion Campaign
A hacker known as 'Kiberphant0m', suspected to be an active U.S. Army service member in South Korea, has been linked to multiple data breaches and extortion attempts targeting Snowflake cloud storage customers. The investigation revealed multiple online personas and connections to various cybercrime activities including AT&T data theft and DDoS attacks.
Zero-Click Attack: RomCom Hackers Chain Firefox and Windows Flaws in Sophisticated Campaign
Russian-aligned RomCom hackers exploited two zero-day vulnerabilities in Firefox and Windows to silently compromise systems across Europe and North America. The sophisticated attack required no user interaction, highlighting the growing capabilities of state-sponsored threat actors.
Google Dismantles Massive Chinese Disinformation Network 'Glassbridge'
Google has taken down over 1,000 websites operated by Chinese companies that were spreading pro-Beijing propaganda through fake news domains. The sophisticated influence operation, led by Shanghai Haixun Technology, targeted audiences across 30 countries with deceptive content on sensitive political topics.
Ransomware Attack on Blue Yonder Cripples Major Retail Supply Chains
A devastating ransomware attack on supply chain software provider Blue Yonder has forced major retailers like Starbucks to resort to manual operations. The incident, occurring during the peak Thanksgiving period, has disrupted warehouse management and retail operations across the U.S. and UK.
US to Expand Sanctions on Chinese Semiconductor Industry, Including HBM Technology
The Biden administration plans to impose sanctions on 200 Chinese chip firms, with potential restrictions on High Bandwidth Memory exports. This escalation in US-China tech rivalry could reshape the global semiconductor landscape while impacting major players like Nvidia and Huawei.
BlackBasta: The Rising Ransomware Empire Filling Conti's Void
Following Conti's downfall, BlackBasta has emerged as a formidable force in Russian ransomware operations, showcasing remarkable adaptability through custom malware tools and sophisticated attack methods. The group's targeting of healthcare sectors and potential ties to state actors signal an evolving threat landscape requiring enhanced cybersecurity measures.