Bleeping Computer

TheMoon Malware Infects 6,000 ASUS Routers in 72 Hours for Proxy Service

TheMoon is linked to the "Faceless" proxy service, which uses some of the infected devices as proxies to route traffic for cybercriminals who wish to anonymize their malicious activities.

Hackers Exploit Ray Framework Flaw to Breach Servers, Hijack Computing Resources

A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies.

Germany Warns of 17K Vulnerable Microsoft Exchange Servers Exposed Online

According to the German Federal Office for Information Security (BSI), around 45,000 Microsoft Exchange servers in Germany have Outlook Web Access (OWA) enabled and are accessible from the Internet.

New ZenHammer Memory Attack Impacts AMD CPUs Based on Zen Architecture

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on a recent AMD Zen microarchitecture that maps physical addresses on DDR4 and DDR5 memory chips.

CISA Urges Software Devs to Weed out SQL Injection Vulnerabilities

Parameterized queries are a better option for a secure-by-design approach compared to input sanitization techniques because the latter can be bypassed and are difficult to enforce at scale.

Google’s New AI Search Results Promotes Sites Pushing Malware, Scams

Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams.

Russian Hackers Target German Political Parties With WineLoader Malware

The campaign has been active since late February and mainly uses phishing emails that appear to come from the German Christian Democratic Union, according to a report by Mandiant.

Hackers Earn $1,132,500 for 29 Zero-Days at Pwn2Own Vancouver

Vendors have 90 days to release security fixes for zero-day vulnerabilities reported during Pwn2Own contests before TrendMicro's Zero Day Initiative discloses them publicly.

Update: Exploit Released for Fortinet RCE Bug Used in Attacks, Patch Now

While the company didn't initially mention that CVE-2023-48788 was being used in attacks, it has since silently updated the advisory to say that the "vulnerability is exploited in the wild."

Unsaflok Flaw can Let Hackers Unlock Millions of Hotel Doors

Researchers disclosed vulnerabilities today that impact 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide, allowing the researchers to easily unlock any door in a hotel by forging a pair of keycards.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags