Atlassian Fixed Critical RCE Flaw in Older Confluence Versions

/in

This template injection vulnerability allows remote attackers to execute arbitrary code on affected Confluence installs. Versions 8.0.x through 8.5.3 are impacted, but the latest supported versions are not affected.

Cyware News – Latest Cyber News – ​Read More

Remcos RAT Spreading Through Adult Games in New Attack Wave

/in

Remcos RAT is being distributed in South Korea disguised as adult-themed games via webhards, highlighting the deceptive tactics used by threat actors to propagate malware.

Cyware News – Latest Cyber News – ​Read More

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

/in

GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container.
The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it addressed the issue the same day, in addition to rotating all potentially exposed credentials out of an

The Hacker News – ​Read More

Windows SmartScreen Bug Abused to Deploy Phemedrone Stealer

/in
Despite being patched in November 2023, the CVE-2023-36025 Windows SmartScreen bypass vulnerability is still being exploited by malware distributors. The latest threat delivered through this vulnerability is a variant of the Phemedrone Stealer. To mitigate such threats, it’s crucial for users and organizations to regularly update their software and educate themselves about safe online practices.

Cyware News – Latest Cyber News – ​Read More

Tokyo startup Sakana AI lands $30M to forge new path with compact AI models

/in

Sakana AI, a Tokyo-based startup founded by former Google researchers, raises $30 million to develop smaller, efficient AI models inspired by natural swarm intelligence.Read More

Security News | VentureBeat – ​Read More

Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet

/in

Anyone who hasn’t mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.

darkreading – ​Read More

Effective Incident Response Relies on Internal and External Partnerships

/in

Dark Reading Research finds increased collaboration between security incident responders and groups within the HR, legal, and communications functions.

darkreading – ​Read More

Snyk Acquires Helios for Runtime Visibility

/in

Developer-security company Snyk acquired Helois, a startup specializing in capturing security-relevant data from live applications.

darkreading – ​Read More