SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild
Sophos X-Ops sees exploitation across multiple customer estates
Sophos X-Ops sees exploitation across multiple customer estates
Related
Fake DeepSeek Ads Spread Malware to Google Users
Popularity of the generative AI platform makes it an obvious choice for cybercriminals abusing Google-sponsored search results, according to researchers.
AI-Powered Ransomware Has Arrived With ‘PromptLock’
Researchers raise the alarm that a new, rapidly evolving ransomware strain uses an OpenAI model to render and execute malicious code in real time, ushering in a new era of cyberattacks against enterprises.
Memento Spyware Tied to Chrome Zero-Day Attacks
While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team.
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with…
Patch Released for Critical vm2 Sandbox Escape Vulnerability
UPDATE April 19 2023: Updated to include another sandbox vulnerability in vm2 (CVE-2023-30547).Earlier this week, an update was released for a critical sandbox escape vulnerabilities in vm2 (CVE-2023-29017 and CVE-2023-29199) , which ultimately allows for remote code execution by an attacker. vm2 is a widely used module within the Node.js library that provides a sandbox…
Bug Bounty Programs Rise as Key Strategic Security Solutions
Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure.