A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
A 20-plus-year-old design flaw in the DNSSEC specification, named KeyTrap, can be exploited by a single packet to disable vulnerable DNS servers, affecting web clients and other applications relying on them.
Lurka’s label comes out of the shadows. Bristol-based producer Lurka is well named – there’s precious little trace of his face online, even though the wonderfully atmospheric, dubby grooves he makes are everywhere. Now, after releases for the likes of Fringe White, Timedance, Blackbox and Hotline, he’s launched his own label. Make Your Own Meaning […]
A threat actor named “xc7d2f4” is allegedly selling a remote command injection vulnerability for Cisco ASA. The threat actor has claimed that this vulnerability exists on all 55XX series of the Cisco Adaptive Security Appliance (ASA). The Cyber Express has reached out to Cisco to confirm the details of the alleged vulnerability exposure, but an official […]
Israel has named Iran and Hezbollah as the culprits behind a cyberattack on the Ziv Medical Center. A joint investigation by the Israel National Cyber Directorate, the Israel Defense Forces, and the Israeli Security Agency determined that Iran’s Ministry of Intelligence orchestrated the attack, with the involvement of Hezbollah’s “Lebanese Cedar” cyber unit. Some […]
The CISA and the FBI issued a joint advisory to warn organizations about a cybercriminal group named Scattered Spider, which has recently updated its TTPs to infiltrate targets. It comes a few days after the CISA issued advisories on IOCs and TTPs associated with Rhysida ransomware and Royal ransomware that have been targeting organizations worldwide. […]
Researchers have discovered a vulnerability named CacheWarp in AMD’s SEV trusted execution environment, which can lead to arbitrary code execution, exposure of sensitive data, or privilege escalation within a guest VM.
Cybersecurity researchers at SentinelLabs have uncovered a new Python-based infostealer and hack tool named “Predator AI.” The malicious tool is designed to target cloud services and integrates artificial intelligence (AI) technology, specifically a ChatGPT-driven class implemented in the Python script. The inclusion of the GPTj class adds a chat-like text-processing interface to interact with […]
A former Dutch cybersecurity professional named Pepijn Van der Stap has been sentenced to four years in prison for hacking and blackmailing more than a dozen companies. He also infiltrated networks and stole sensitive information.