A malicious campaign targeting users searching for W2 forms began on June 21, 2024, with a JavaScript file dropping a Brute Ratel Badger DLL into the user’s AppData. This initiated the installation of a Latrodectus backdoor.
A flaw in RaspAP, tracked as CVE-2024-41637, affects versions before 3.1.5 and carries a CVSS score of 9.9. It stems from improper access controls that let an attacker who already runs as the www-data web-server account escalate privileges to root.
According to an analysis by TRM Labs, Russian-speaking threat actors were responsible for over 69% of all ransomware-related cryptocurrency earnings in the past year, amounting to more than $500 million.
AI code-generation tools are in widespread use even where organizations have banned them, raising security concerns, according to a Checkmarx report: while 15% of organizations prohibit AI tools for code generation, 99% report that their teams use them anyway.
U.S. senators have raised concerns about how car companies handle consumer data, revealing that major automakers share and sell drivers’ information without proper consent.
WhatsApp currently blocks certain file types considered risky, but Python and PHP scripts are not included in the blocklist. Security researcher Saumyajeet Das identified this vulnerability while testing file attachments in WhatsApp conversations.
The National Vulnerability Database (NVD), maintained by the National Institute of Standards and Technology (NIST), currently has a backlog of over 16,000 vulnerabilities, with an average daily influx of more than 100 new security flaws.
The Acronis Cyber Infrastructure vulnerability (CVE-2023-45249) was patched nine months ago but is still being exploited in attacks. Admins are advised to update their systems immediately to prevent unauthorized remote code execution.
Researchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories (public or private) and from deleted copies (forks) of repositories isn’t necessarily deleted.
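The mechanism behind that finding is plain git behaviour: deleting a branch (or a fork) removes a reference, not the commit object it pointed at, and a server that serves any object by hash will still hand the commit to anyone who knows its SHA. The script below is an added example, not code from the original article or from Truffle Security, and it uses only local repositories, so nothing touches GitHub. It assumes a server configured with `uploadpack.allowAnySHA1InWant` to stand in for a hosting service that serves unadvertised objects by hash; the `.env` contents and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original article or Truffle Security).
# Shows that deleting the branch that carried a commit does not delete the
# commit object, and that a server willing to serve any object by SHA still
# returns it, until the server itself garbage-collects unreachable objects.
set -eu

# Build a bare "server" repo, push a commit containing a secret to a branch,
# then delete that branch. Prints "<server-path> <secret-commit-sha>".
setup_server_with_deleted_secret() {
  server=$(mktemp -d); work=$(mktemp -d)
  git init -q --bare "$server"
  # Assumption: the hosting service accepts fetches for unadvertised objects.
  git -C "$server" config uploadpack.allowAnySHA1InWant true
  git -C "$work" init -q
  # Constructed sample secret; the value is not a real credential.
  printf 'AWS_SECRET_ACCESS_KEY=constructed-example-value\n' > "$work/.env"
  git -C "$work" add .env
  git -C "$work" -c user.name=dev -c user.email=dev@example.invalid \
      commit -q -m "oops: commit secret"
  sha=$(git -C "$work" rev-parse HEAD)
  git -C "$work" push -q "$server" HEAD:refs/heads/secret
  git -C "$work" push -q "$server" --delete secret   # "delete" the leak
  rm -rf "$work"
  echo "$server $sha"
}

# Returns 0 if commit $1 can still be fetched from repository $2 by SHA alone,
# i.e. without any branch or tag pointing at it.
dangling_commit_fetchable() {
  sha=$1; server=$2; probe=$(mktemp -d); ok=1
  git -C "$probe" init -q
  if git -C "$probe" fetch -q "$server" "$sha" 2>/dev/null \
     && git -C "$probe" cat-file -e "$sha" 2>/dev/null; then
    ok=0
  fi
  rm -rf "$probe"
  return $ok
}

# Prints file $3 as it was in commit $1 on server $2, to show the content is
# fully recoverable, not just the commit's existence.
recover_file_from_commit() {
  sha=$1; server=$2; path=$3; probe=$(mktemp -d)
  git -C "$probe" init -q
  git -C "$probe" fetch -q "$server" "$sha" 2>/dev/null
  git -C "$probe" show "$sha:$path"
  rm -rf "$probe"
}

demo() {
  set -- $(setup_server_with_deleted_secret)
  server=$1; sha=$2
  echo "branch 'secret' deleted on $server; commit $sha"
  dangling_commit_fetchable "$sha" "$server" && echo "still fetchable by SHA:"
  recover_file_from_commit "$sha" "$server" .env
  # Only garbage collection on the server actually removes the object.
  git -C "$server" gc -q --prune=now
  dangling_commit_fetchable "$sha" "$server" || echo "gone after gc --prune=now"
  rm -rf "$server"
}
demo
```

The practical check this supports: if a secret was ever pushed, treat the commit SHA as public and rotate the credential; deleting the branch, the fork or even the repository does not guarantee the object is purged from the hosting service, and you cannot run `gc --prune=now` on a server you do not control.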
Meta has taken down 63,000 Instagram accounts in Nigeria involved in sextortion scams, including a network of 2,500 accounts linked to 20 individuals targeting adult men in the US.