Author Archives: The Hacker News

Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild.
Of the 61 flaws, one … Continue reading Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days→

Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circum… Continue reading VMware Patches Severe Security Flaws in Workstation and Fusion Products→

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug im… Continue reading New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation→

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.
The most severe of the vulnera… Continue reading Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code→

Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not… Continue reading 6 Mistakes Organizations Make When Deploying Advanced Authentication→

Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation.
“The incident involves a th… Continue reading Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls→

Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent.
“This will hel… Continue reading Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices→

The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments.

“The model provides a cultivated knowledge base of cyber threats to… Continue reading MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices→

With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a mean… Continue reading The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield→

In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibilit… Continue reading SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike→