Author Archives: Ravie Lakshmanan

A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild.
Tracked as CVE-2022-22954, the security shortcoming re… Continue reading Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild→

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that’s used to maintain persistence on compromised Windows environments.
The threat actor is said to have targeted entities in the telecommunication, internet service… Continue reading Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers→

The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia’s military intelligence, to sabotage the operations of an unnamed energy provider in the … Continue reading Russian Hackers Tried Attacking Ukraine’s Power Grid with Industroyer2 Malware→

An international law enforcement operation raided and took down RaidForums, one of the world’s largest hacking forums notorious for selling access to hacked personal information belonging to users.
Dubbed Tourniquet, the seizure of the cybercrime webs… Continue reading FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin→

Microsoft’s Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, amo… Continue reading Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities→

Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server’s IP address, and other network i… Continue reading Critical LFI Vulnerability Reported in Hashnode Blogging Platform→

Senior officials in the European Union were allegedly targeted with NSO Group’s infamous Pegasus surveillance tool, according to a new report from Reuters.
At least five individuals, including European Justice Commissioner Didier Reynders, are said to… Continue reading E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware→

The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol (LDAP) Reference Implementation.
“NGINX Open Source and NGINX Plus are not themselves affected, and no … Continue reading NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation→

Google on Monday disclosed that it’s taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies.
“The actor used a network of fraudulent websites tha… Continue reading Google Sues Scammer for Running ‘Puppy Fraud Scheme’ Website→

A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns.
“The TDS has infected various web servers hosting more than 16,500 websites, ranging from a… Continue reading Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service→