The Top Three MS Office Exploits Hackers Are Using Right Now Recent findings highlight the top three Microsoft Office exploits that cybercriminals are frequently using in real-world attacks. These include flaws in macro-enabled documents, malicious embedded objects, and privilege escalation vulnerabilities—often leveraged via phishing emails or booby-trapped Office files. Attackers exploit users’ trust in familiar […]
10 Critical Network Penetration Test Findings Every Organisation Should Know The article highlights the 10 most common and critical findings from network penetration tests, illustrating how weaknesses in infrastructure, misconfigurations, and unpatched systems can expose organisations to serious threats. It starts by stressing the importance of regular pentesting and quickly dives into each finding: Ensuring […]
Researchers Reveal 46 Critical Security Vulnerabilities in Embedded Systems Researchers have identified 46 critical vulnerabilities affecting a range of embedded systems, including IoT devices and other networked hardware. These flaws pose significant risks, as attackers could potentially exploit them to gain remote access, disrupt operations, or exfiltrate sensitive data. The vulnerabilities affect multiple vendors, some […]
CoffeeLoader Malware Conceals Code with GPU Techniques Researchers have discovered a new CoffeeLoader malware strain that leverages GPU-based obfuscation techniques to hide malicious code on compromised systems. By shifting some functionalities to the graphics card’s memory, CoffeeLoader reduces its footprint in system RAM, making it harder for conventional antivirus and endpoint detection tools to spot. […]
Critical AMI BMC Vulnerability Revealed, Putting Servers at Risk Security researchers have identified a critical vulnerability in American Megatrends Inc. (AMI) baseboard management controller (BMC) software. BMCs provide remote management features for servers, including power cycling and hardware monitoring. The newly discovered flaw could enable attackers with network access to bypass authentication controls, potentially allowing […]
Resurge Malware Exploits Ivanti Flaw, Prompting Urgent Patching A new strain of Resurge malware has been spotted exploiting a recently disclosed vulnerability in Ivanti’s product line, notably affecting Ivanti Endpoint Manager. According to security researchers, attackers can leverage this flaw to gain unauthorised access, potentially enabling remote code execution or privilege escalation. The malware then […]
According to the latest Patch Tuesday announcement, Microsoft has released 57 security fixes covering a broad range of products, including Windows OS, Microsoft Office, and Azure services. Among the patched flaws are several that attackers have already exploited in the wild, emphasising the need for immediate deployment. Security experts advise users and IT teams to […]
Security researchers have sounded the alarm over a newly emerged botnet known as BadBox 2.0, which has reportedly infected over 1 million devices worldwide. The malware spreads by exploiting unpatched routers, IoT gadgets, and poorly secured servers, transforming them into nodes that carry out illegal activities, such as launching distributed denial-of-service (DDoS) attacks or stealing […]
A new threat has emerged in the Python ecosystem, with malicious packages lurking on the popular PyPI repository. Researchers have revealed that these suspicious modules were designed to steal cloud platform credentials, putting both individual developers and organisations at risk. When unsuspecting users install these tainted packages, hidden scripts activate in the background, exfiltrating data […]
