Digitpol News & Media

Cyber Alerts

• New NachoVPN attack uses rogue VPN servers to install malicious updates November 26, 2024
  A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto
• BlackBasta Ransomware Brand Picks Up Where Conti Left Off November 25, 2024
  New analysis says law enforcement efforts against Russian-language ransomware-as-a-service (RaaS)
• QNAP pulls buggy QTS firmware causing widespread NAS issues November 22, 2024
  ​QNAP has pulled a recently released firmware update after widespread customer reports that it's breaking connectivity and
• North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn November 22, 2024
  The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10
• Over 2,000 Palo Alto firewalls hacked using recently patched bugs November 21, 2024
  Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities
• MITRE shares 2024's top 25 most dangerous software weaknesses November 20, 2024
  MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more
• It's Near-Unanimous: AI, ML Make the SOC Better November 20, 2024
  Efficiency is the name of the game for the security operations center — and 91% of cybersecurity pros say
• Oracle warns of Agile PLM file disclosure flaw exploited in attacks November 19, 2024
  Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as
• D-Link urges users to retire VPN routers impacted by unfixed RCE flaw November 19, 2024
  D-Link is warning customers to replace end-of-life VPN router models after a critical
• Chinese hackers exploit Fortinet VPN zero-day to steal credentials November 18, 2024
  Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-
• Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation November 18, 2024
  Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the
• Security plugin flaw in millions of WordPress sites gives admin access November 16, 2024
  A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly '
• CISA warns of more Palo Alto Networks bugs exploited in attacks November 14, 2024
  CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively
• Microsoft Power Pages Leak Millions of Private Records November 13, 2024
  Less-experienced users of Microsoft's website building platform may not understand all the implications of the access
• Microsoft Exchange adds warning to emails abusing spoofing flaw November 12, 2024
  Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails
• FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 November 12, 2024
  ​The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a
• Palo Alto Networks warns of potential PAN-OS RCE vulnerability November 8, 2024
  Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code
• Malicious PyPI package with 37,000 downloads steals AWS keys November 8, 2024
  A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since
• D-Link won’t fix critical flaw affecting 60,000 older NAS devices November 8, 2024
  More than 60,000 D-Link network-attached storage devices that have reached end-of-
• DocuSign's Envelopes API abused to send realistic fake invoices November 4, 2024
  Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine