CVE-2023-22527 is a critical vulnerability exploited for cryptojacking activities. Attack tactics include shell scripts, XMRig miners, targeting SSH endpoints, and establishing persistence through cron jobs.

This flaw allows attackers to execute remote code without authentication, posing a serious risk. Versions up to 18.12.14 are affected, and organizations are advised to upgrade to version 18.12.15 to mitigate the issue.

New details have emerged about a patched vulnerability in Microsoft 365 Copilot that could lead to the theft of sensitive user information through a technique known as ASCII smuggling.

According to AppOmni, one-third of organizations experienced SaaS data breaches last year due to a lack of visibility and control, as revealed by a survey of 644 enterprises globally.

SonicWall has addressed a critical vulnerability (CVE-2024-40766) in its next-gen firewalls, which could be exploited by remote attackers to gain unauthorized access and potentially crash the devices.

Diversifying suppliers and systems can help minimize risks, as shown by corporations that purchase networking equipment from multiple vendors to prevent total network failure in case of vendor issues.

Researchers found that attackers are leveraging PythonAnywhere cloud platform to host and distribute malicious files using Razr ransomware discreetly. The ransomware generates a unique machine ID, encryption key, and IV to begin operations.

The project is led by Ukrainian cyber entrepreneur Yehor Aushev and is unique in that it is free and open to a wide range of citizens, including students, researchers, and state officials.

NASA’s IV&V Facility is expanding its cybersecurity services to enhance the safety of its missions. This initiative includes incorporating cybersecurity assessments into their traditional roles of software examination.

Nuclei is an open-source vulnerability scanner known for its speed and customizable YAML-based templates. It offers flexibility in security checks by allowing customization of templates to send requests to multiple targets.