Security Alerts

On September 19, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog by adding several critical security vulnerabilities affecting major software products, including Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server. These vulnerabilities have been actively exploited and pose a significant risk to […]

A critical vulnerability, CVE-2024-45488, has been discovered in One Identity’s Safeguard for Privileged Passwords (SPP), an enterprise-level solution designed to protect and manage privileged credentials. This vulnerability, commonly referred to as “Skeleton Cookie,” allows attackers to bypass authentication and potentially gain full administrative access to the virtual appliance, posing significant security risks. Understanding the Software: […]

In May 2024, Kaspersky Labs uncovered a sophisticated malware campaign that uniquely targeted users in Italy, deploying a new Remote Access Trojan (RAT) called SambaSpy. What makes this campaign stand out is the meticulous focus on Italian-speaking users, as outlined in Kaspersky's latest report. In an unusual move for cybercriminals, the attackers ensured that their […]

The Lumma Stealer malware is being distributed through a new and increasingly deceptive method: fake human verification pages. This sophisticated phishing campaign, primarily targeting Windows users, tricks individuals into running malicious PowerShell commands, leading to the theft of sensitive information. Discovered by Unit42 at Palo Alto Networks and further investigated by cybersecurity firm CloudSEK, this […]