New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer
As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that...
The Facts About Continuous Penetration Testing and Why It’s Important
Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing...
Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation...
Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access
Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges."The...
GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be...
New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining
Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances."Brute-force attacks...
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information.Tracked as CVE-2024-38206 (CVSS score:...
North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of...
It’s Time To Untangle the SaaS Ball of Yarn
It's no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely...
Styx Stealer Creator’s OPSEC Fail Leaks Client List and Profit Details
In what's a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leaked data from their...
