Julien Maury Avatar
  • hacked

    U.S. Agencies Ordered to Fix Critical VMware Vulnerabilities by Monday

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to fix critical vulnerabilities in VMware products by Monday or remove the products from service. Multiple VMware products are affected by two new critical vulnerabilities that the company issued updates for yesterday. Recorded as CVE-2022-22972 and CVE-2022-22973, the bugs allow an authentication bypass […]

  • log4shell AI vulnerability

    Log4j Vulnerability Puts Enterprise Data Lakes and AI at Risk

    The Apache Log4j Log4Shell bug is one of the most critical vulnerabilities in the history of cybersecurity. Hundreds of millions of devices use the Log4j component for various online services, among them government organizations, critical infrastructure, companies and individuals. Actually, pretty much all software uses this library written in Java, so it’s a very widespread […]

  • hacking techniques

    Software Supply Chain: A Risky Time for Dependencies

    The software supply chain is a critical element in the lifecycle of applications and websites. The interdependencies and components common in modern software development can increase the attack surface and sometimes allow hackers to bypass robust security layers you’ve added to your infrastructure. Indeed, only one flaw in the code base can be enough to […]

  • F5 BIG-IP flaw

    Critical F5 BIG-IP Flaw Actively Exploited by Hackers

    User’s of F5’s BIG-IP application services could be vulnerable to a critical flaw that allows an unauthenticated attacker on the BIG-IP system to run arbitrary system commands, create or delete files, or disable services. The vulnerability is recorded as CVE-2022-1388 with a 9.8 severity rating, just below the highest possible rating of 10. The U.S. […]

  • Hackers Are Now Exploiting Windows Event Logs

    Hackers have found a way to infect Windows Event Logs with fileless malware, security researchers have found. Kaspersky researchers on May 4 revealed “a new stash for fileless malware.” During a “very targeted” campaign, hackers used Windows Event Logs to inject shellcode payloads and operate stealthily. This new approach is highly sophisticated yet could still […]

  • burp suite

    Getting Started with the Burp Suite: A Pentesting Tutorial

    Burp is one of the top-rated security suites for pentesting and ethical hacking. While there are paid professional and enterprise editions, you can install the community edition for free and even use it directly from Kali Linux. The Burp suite is widely used by security professionals to perform advanced scans and various traffic interceptions (e.g., […]

  • New DNS Spoofing Threat Puts Millions of Devices at Risk

    Security researchers have uncovered a critical vulnerability that could lead to DNS spoofing attacks in two popular C standard libraries that provide functions for common DNS operations. Nozomi Networks Labs found the vulnerability in the Uclibc and uClibc-ng libraries, which provide functions to make common DNS operations such as lookups or translating domain names to […]

  • Onyx ransomware code

    Onyx Ransomware Destroys Large Files Instead of Locking Them

    Ransomware just keeps getting worse, it seems. Cybersecurity researchers last week revealed that a new ransomware gang called Onyx is simply destroying larger files rather than encrypting them. As the MalwareHunterTeam noted in a Twitter thread, “as the ransomware they are using is a trash skidware, it’s destroying a part of the victims’ files.” The […]

  • Nimbuspwn exploit

    Nimbuspwn: New Root Privilege Escalation Found in Linux

    The Microsoft 365 Defender Research Team has revealed several new Linux vulnerabilities collectively dubbed “Nimbuspwn.” Like the Dirty Pipe vulnerability, they only need a local user with low capabilities to elevate privileges, but this time the exploit seems much more specific and focuses on “networkd-dispatcher,” a systemd component that handles connection status changes. The Nimbuspwn […]

  • Hacker at computer

    WatchGuard, Windows Vulnerabilities Require Urgent Fixes

    Vulnerabilities in WatchGuard firewalls and Microsoft Windows and Windows Server need to be patched and fixed immediately, security organizations said in alerts this week. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged organizations to patch a critical WatchGuard firewall vulnerability (CVE-2022-23176) that affects the Fireware operating system running on WatchGuard Firebox and XTM appliances, […]

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis