A recently discovered Cross-site Scripting (XSS) vulnerability, CVE-2024-57514, affecting the TP-Link Archer A20 v3 Router has raised security concerns among users. The flaw CVE-2024-57514, identified in firmware version 1.0.6 Build 20231011 rel.85717(5553), allows attackers to execute arbitrary JavaScript code through the…
Tag: EN
Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. “Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data…
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind…
UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. “This research focuses on completing the…
Building Resilience Against Zero-Day Threats in Third-Party Risk Management
Global zero-day incidents often reveal the vulnerability of organizations to risks originating from third-party resources. These moments are wake-up calls, highlighting the need for effective third-party risk management (TPRM). However, responding to such events is rarely straightforward. Identifying affected third…
Preparing financial institutions for the next generation of cyber threats
In this Help Net Security interview, James Mirfin, SVP and Head of Risk and Identity Solutions at Visa, discusses key priorities for leaders combating fraud, the next-generation threats institutions must prepare for, and the role of collaboration between financial sectors…
PoC Exploit Released for Critical Cacti Vulnerability Let Attackers Code Remotely
A critical vulnerability in the Cacti performance monitoring framework, tracked as CVE-2025-22604, has been disclosed, with a proof-of-concept (PoC) exploit now publicly available. This vulnerability allows authenticated users with device management permissions to execute arbitrary code on the server by…
Hackers Seize Control of 3,000 Companies Through Critical Vulnerabilities
In a groundbreaking cybersecurity investigation, researchers identified several critical vulnerabilities in a target system, eventually gaining control over 3,000 subsidiary companies managed by a parent organization. The exploration leveraged flaws in API configurations, bypassed key security protocols, and exposed sensitive…
2025-01-28: Malwre infection from web inject activity
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries Read the original article: 2025-01-28: Malwre infection from web inject activity
API Supply Chain Attacks Surge, Exposing Critical Security Gaps
API attack traffic rose by 681% over a 12-month period, far outpacing the 321% increase in overall API call volume – a dramatic surge that highlights threat actors’ growing focus on APIs as attack vectors. This was one of the…
Cyberattack Crashes the Party Amid DeepSeek’s Meteoric Rise
Chinese artificial intelligence (AI) startup DeepSeek, which has taken the market by storm, has temporarily limited new user registrations following a large-scale cyberattack that disrupted its services. According to Reuters, the attack coincided with the company’s AI assistant becoming the…
Cloudflare’s Data Pipeline Powered to Handle 700 Million Events Per Second
Cloudflare revealed how its data pipeline has achieved unprecedented scalability, processing up to 706 million events per second as of December 2024 representing a staggering 100x growth since 2018. This massive data flow, which peaks at 107 GiB/s of compressed…
SEC and FCA fines: Issues jump
The financial sector faces communication compliance challenges as organizations struggle to maintain oversight across communication channels. Adding to the complexity is the unexpected rise of unconventional platforms, such as Snapchat, used for business operations. In this Help Net Security video,…
Cybersecurity crisis in numbers
The number of US data compromises in 2024 (3,158) decreased 1% compared to 2023 (3,202), 44 events away from tying a record for the number of compromises tracked in a year, according to the Identity Theft Resource Center. Data breach…
Only 13% of organizations fully recover data after a ransomware attack
Ransomware attacks are disrupting and undermining business operations and draining revenue streams, according to Illumio. Findings from the study reveal that 58% of organizations had to shut down operations following a ransomware attack, up from 45% in 2021. 40% reported…
PowerSchool Starts Notifying Students Following Massive Breach
PowerSchool, a leading U.S.-based education technology provider, has begun notifying students, teachers, and other affected individuals following a massive data breach that occurred in December 2024. The breach, which compromised sensitive personal information, is one of the largest cybersecurity incidents…
The curious story of Uncle Sam’s HR dept, a hastily set up email server, and fears of another cyber disaster
Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings Two anonymous US government employees have sued Uncle Sam’s HR department – the Office of Personnel Management – claiming the Trump administration’s rapid roll out…
VMware Avi Load Balancer Vulnerability Let Attackers Gain Database Access
Broadcom disclosed a critical vulnerability affecting its Avi Load Balancer product. The vulnerability, identified as CVE-2025-22217, is an unauthenticated blind SQL injection vulnerability that could allow attackers with network access to execute specially crafted SQL queries to gain unauthorized access…
ISC Stormcast For Wednesday, January 29th, 2025 https://isc.sans.edu/podcastdetail/9300, (Wed, Jan 29th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, January 29th, 2025…
What is the role of data synthesis in my CI/CD pipeline, anyway?
The short answer? Adding data synthesis to your CI/CD pipeline makes your processes better, faster, and more efficient. The post What is the role of data synthesis in my CI/CD pipeline, anyway? appeared first on Security Boulevard. This article has…