Wajahat Raja

TuxCare

Recent reports about legal proceedings, a 34-year-old Russian-Canadian national, Mikhail Vasiliev, has been handed a sentence of almost four years in Canadian prison. Vasiliev’s involvement in the global ransomware scheme known as LockBit led to this outcome. The United States Department of Justice (DoJ) initially charged him with conspiring to ... Read More

In a recent revelation by cybersecurity experts at Kaspersky Labs, a concerning cyber threat has emerged targeting users of popular text editing software in China. This sophisticated attack involves the distribution of altered versions of well-known editors like Notepad++ and Vnote Installers, aimed at infiltrating users’ systems with harmful malware ... Read More

The Zero Day Initiative (ZDI) by Trend Micro uncovered a phishing campaign that exploited a patched Microsoft flaw to infect devices with DarkGate malware. CVE-2024-21412 was the Microsoft patch that was exploited by using fake software installers. PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects were used to lure ... Read More

In the realm of cybersecurity, constant vigilance is paramount as threat actors perpetually seek novel ways to exploit vulnerabilities. Recent research has shed light on a concerning trend: the potential misuse of third-party plugins associated with OpenAI’s ChatGPT platform. These ChatGPT plugin security vulnerabilities, intended to enhance user experience and ... Read More

Tomer Peled, an Akamai cybersecurity security researcher, recently discovered a Kubernetes RCE vulnerability that allows threat actors to remotely execute code on Windows endpoints. Not only this but the threat actors can have full system privileges while executing the code.  Peled explained how the Kubernetes volumes can be exploited, which ... Read More

Cybersecurity experts at ESET have come across a malicious campaign that targets Tibetans in many countries by leveraging the website of a religious gathering. Evasive Panda cyber attacks are associated with a China-linked Advanced Persistent Threat (APT) actor.  The development comes days after the MoqHao cybersecurity threat that was also ... Read More

As per recent reports, threat actors are increasingly leveraging Facebook messages to distribute the Python Snake Info Stealer malware. Researchers have noticed that threat actors are using three variants of the information stealer. It’s worth mentioning here that two of these installers are regular Python scripts, whereas the third is ... Read More

In light of recent events, Cisco has released patches for two high-severity network vulnerabilities in its Secure Client. As per recent reports, vulnerabilities leading to the Cisco VPN hijacking flaw are being tracked as CVE-2024-20337 and CVE-2024-20338. These VPN security vulnerabilities have a severity score of 8.2 and 7.3, respectively.  ... Read More

In a recent discovery by Sucuri, a concerning trend has emerged involving brute-force attacks on WordPress sites through malicious JavaScript injections. These WordPress brute-force attacks stand out for their stealthy approach. Security researcher Denis Sinegubko notes that these attacks specifically target WordPress websites through the browsers of unsuspecting site visitors ... Read More

The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical JetBrains TeamCity vulnerability, emphasizing the urgent need for users to take preventive measures. The recently discovered flaw has been added to the Known Exploited Vulnerabilities (KEV) Catalog, with evidence of active exploitation.   CISA Advisory On JetBrains TeamCity ... Read More