Home
Services
Credentials
News
Contact
News
NEWS
The latest news in cybersecurity!
APR
11
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
By:
info@thehackernews.com (The Hacker News)
on
APR
11
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. "A threat actor used a known
Read more >>
APR
11
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
By:
info@thehackernews.com (The Hacker News)
on
APR
11
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper Werewolf, also known
Read more >>
APR
11
Initial Access Brokers Shift Tactics, Selling More for Less
By:
info@thehackernews.com (The Hacker News)
on
APR
11
What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like social engineering and brute-force attacks. By selling access, they significantly mitigate the
Read more >>
APR
11
Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
By:
info@thehackernews.com (The Hacker News)
on
APR
11
Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat hunters warned of a surge in suspicious login scanning activity targeting its appliances. "Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a
Read more >>
APR
11
SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
By:
info@thehackernews.com (The Hacker News)
on
APR
11
Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an attempt to deceive unsuspecting users into installing the malware instead. "The threat actor utilized a
Read more >>
APR
11
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
By:
info@thehackernews.com (The Hacker News)
on
APR
11
A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. "The
Read more >>
APR
10
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
By:
info@thehackernews.com (The Hacker News)
on
APR
10
Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for
Read more >>
APR
10
Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
By:
info@thehackernews.com (The Hacker News)
on
APR
10
Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and execute malicious code in what's seen as a sneakier attempt to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in
Read more >>
APR
10
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
By:
info@thehackernews.com (The Hacker News)
on
APR
10
Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days. As before, all the newly discovered play
Read more >>
APR
10
The Identities Behind AI Agents: A Deep Dive Into AI & NHI
By:
info@thehackernews.com (The Hacker News)
on
APR
10
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They're no longer just tools,
Read more >>
More posts
Contact Us
014
91 842 907
info@pensecure.co.uk
Graffix House,
Newtown Rd,
Henley-on-Thames,
Oxfordshire,
RG9 1LY
Business Hours
Mon - Fri
9:00 am
-
5:00 pm
Sat - Sun
Closed
Copyright © PenSecure
Share by:
