Vulnerability Management

MORSECORP Inc. Settles $4.6 Million Cybersecurity Fraud Case with U.S. Government

Cyber Laws & Regulations

MORSECORP Inc. Settles $4.6 Million Cybersecurity Fraud Case with U.S. Government

Defense contractor MORSECORP Inc. has agreed to pay $4.6 million to resolve allegations of cybersecurity fraud involving...

Critical PostgreSQL SQLi and Palo Alto VPN Exploits Targeted in Latest Snort Rules Update (Feb 2025 Week 4)

Threat Intelligence

Critical PostgreSQL SQLi and Palo Alto VPN Exploits Targeted in Latest Snort Rules Update (Feb 2025 Week 4)

AhnLab’s Threat Intelligence Platform has released 19 new Snort rules addressing critical vulnerabilities including PostgreSQL SQL injection...

Memory Forensics Exposes Ivanti VPN Zero-Day Exploits: A Critical Security Breakdown

Threat Intelligence

Memory Forensics Exposes Ivanti VPN Zero-Day Exploits: A Critical Security Breakdown

Recent forensic investigations by Volexity have uncovered a sophisticated attack campaign exploiting two chained zero-day vulnerabilities in...

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Blue-Team

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Active Directory Discretionary Access Control Lists (DACLs) serve as a fundamental security mechanism governing access to directory...

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

News

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

Misconfigured WriteOwner permissions in Active Directory can enable attackers to take ownership of critical objects, bypass security...

Credential Dumping via Active Directory User Comments: Risks and Mitigations

News

Credential Dumping via Active Directory User Comments: Risks and Mitigations

Active Directory (AD) credential dumping remains a significant threat, with attackers increasingly exploiting overlooked attributes like user...

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

Blue-Team

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

A Shadow Credentials attack is an advanced exploitation technique targeting Active Directory Certificate Services (AD CS), enabling...

New Mirai Botnet Variant Targets Comtrend Router Vulnerability (CVE-2020-10173)

Threat Intelligence

New Mirai Botnet Variant Targets Comtrend Router Vulnerability (CVE-2020-10173)

A newly identified Mirai botnet variant (IoT.Linux.MIRAI.VWISI) has begun exploiting CVE-2020-10173, a command injection vulnerability in Comtrend...

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

Threat Intelligence

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

The Trojan.Win64.HAFNIUM.A malware represents a sophisticated threat targeting Microsoft Exchange servers, initially attributed to the Chinese state-sponsored...

Understanding Trojan.Win32.CVE20188120.E: A Windows Privilege Escalation Threat

CVE News

Understanding Trojan.Win32.CVE20188120.E: A Windows Privilege Escalation Threat

The Trojan.Win32.CVE20188120.E malware represents a persistent threat leveraging CVE-2018-8120, a privilege escalation vulnerability in Windows systems. This...

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

Malware Analysis

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

The ransomware strain Ransom.Win32.BLACKMATTER.THGOCBA presents a moderate-risk threat with significant operational impact potential, primarily targeting Windows environments....

Critical Authentication Flaws in Microsoft Azure Private 5G Core Expose Networks to Disruption

CVE News

Critical Authentication Flaws in Microsoft Azure Private 5G Core Expose Networks to Disruption

Two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC) have been identified and patched, according to...

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

CVE News

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

NetApp has resolved a critical privilege escalation vulnerability (NCSC-2025-0097) in its SnapCenter backup management platform, which could...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

A newly disclosed high-severity vulnerability (CVE-2025-24514) in Kubernetes’ ingress-nginx controller enables attackers to execute arbitrary code and...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

A critical security vulnerability affecting multiple H3C Magic series routers has been identified, allowing remote attackers to...

Extrude: Open-Source Binary Analysis Tool for Security Teams

News

Extrude: Open-Source Binary Analysis Tool for Security Teams

Security teams now have access to a powerful new open-source tool for analyzing binary security posture. Extrude...

Bug Bounty Programs: The Complete Guide to Vulnerability Hunting

Bug Bounties & Responsible Disclosure

Bug Bounty Programs: The Complete Guide to Vulnerability Hunting

Bug bounty programs have become a proven strategy for strengthening system security through collaboration with external researchers....

Internal and External Penetration Testing: A Comprehensive Approach to Enterprise Security

News

Internal and External Penetration Testing: A Comprehensive Approach to Enterprise Security

Internal and external penetration testing (pentesting) are critical components for evaluating an organization’s security posture. These simulated...

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

News

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

Large Language Models (LLMs) are increasingly integrated into enterprise workflows, but a new attack vector—ASCII smuggling—exploits Unicode’s...

Microsoft Azure Vulnerabilities Patched: Key Details for Security Teams

Blue-Team
CVE News

Microsoft Azure Vulnerabilities Patched: Key Details for Security Teams

Microsoft has recently addressed several critical vulnerabilities in its Azure platform, as reported by the Dutch National...

Posts pagination

Previous 1 2 3 4 Next

Vulnerability Management

MORSECORP Inc. Settles $4.6 Million Cybersecurity Fraud Case with U.S. Government

Critical PostgreSQL SQLi and Palo Alto VPN Exploits Targeted in Latest Snort Rules Update (Feb 2025 Week 4)

Memory Forensics Exposes Ivanti VPN Zero-Day Exploits: A Critical Security Breakdown

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

Credential Dumping via Active Directory User Comments: Risks and Mitigations

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

New Mirai Botnet Variant Targets Comtrend Router Vulnerability (CVE-2020-10173)

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

Understanding Trojan.Win32.CVE20188120.E: A Windows Privilege Escalation Threat

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

Critical Authentication Flaws in Microsoft Azure Private 5G Core Expose Networks to Disruption

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

Extrude: Open-Source Binary Analysis Tool for Security Teams

Bug Bounty Programs: The Complete Guide to Vulnerability Hunting

Internal and External Penetration Testing: A Comprehensive Approach to Enterprise Security

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

You may have missed

Trump Administration Considers TikTok Deal Allowing Chinese Algorithm Ownership

How Intezer’s AI SOC Balances Automation with Human Expertise

How Security Platformization Improves Threat Response and Operational Efficiency

World Backup Day: Essential Strategies for Enterprise Data Protection