The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch.
Автор: Nate Nelson, Contributing Writer
Hundreds of LLM Servers Expose Corporate, Health & Other Online Data
LLM automation tools and vector databases can be rife with sensitive data — and vulnerable to pilfering.
Hackers Use Rare Stealth Techniques to Down Asian Military, Gov’t Orgs
A threat actor resembling APT41 performed "AppDomainManager Injection," which is like DLL sideloading, but arguably easier and stealthier.
Patch Now: Second SolarWinds Critical Bug in Web Help Desk
The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds’ less-often-discussed IT help desk software.
Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds
Ironically, Macs’ lower risk profile may make them more susceptible to any given threat than the average Windows or Linux system.
Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection
Analysts have been picking up increased cases of malware delivery via Windows Installer files in Southeast Asia.
Critical, Actively Exploited Jenkins RCE Bug Suffers Patch Lag
A seven-month-old bug in an OSS CI/CD server is still being actively exploited, thanks to spotty patching, CISA warns.
IRGC-Linked Hackers Package Modular Malware in Monolithic Trojan
Charming Kitten goes retro and consolidates its backdoor into a tighter package, abandoning the malware framework trend.
Every Google Pixel Phone Has a Verizon App that Doubles As a Backdoor
What is a Verizon Wireless demo store app doing on non-Verizon phones, and why is it a vehicle to an attacker?
Are 2024 US Political Campaigns Prepared for the Coming Cyber Threats?
When it comes to this year’s candidates and political campaigns fending off major cyberattacks, a lot has changed since the 2016 election cycle.