HashiCorp has released updated versions (1.17.6, 1.16.10, 1.15.15) to fix the flaw, along with a new configuration option to enhance security. Users are advised to upgrade or adjust their configurations to protect against exploitation.

The CISA has issued a warning about hackers using basic techniques to target industrial systems, particularly OT and ICS devices in critical infrastructure, water, and wastewater systems.

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. “A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the […]

The six vulnerabilities, with high severity scores, could lead to unauthorized access and control over network infrastructure. Progress Software advises all WhatsUp Gold users to upgrade to version 24.0.1 to mitigate these vulnerabilities.

Cybersecurity researchers at Palo Alto Networks’ Unit 42 have discovered a prolific Phishing-as-a-Service platform called Sniper Dz, responsible for creating over 140,000 phishing websites in just one year.

Security researchers have found critical flaws in the Jupiter X Core WordPress plugin, affecting over 90,000 websites. The vulnerabilities could allow attackers to take control of websites or hijack user accounts, including admin accounts.

As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” […]

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent