Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks
Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting"…
Cisco fixes root escalation vulnerability with public exploit code
Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate…
Defense in Diversity: A Strategy for Robust Cybersecurity
The concept of “defense in depth” dates back to ancient times, epitomized by the ramparts, draw-bridge, towers, and battlements surrounding…
GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln
The bug (CVE-2024-6385) is similar — but not identical — to a critical flaw GitLab patched just two weeks ago.
Facebook PrestaShop module exploited to steal credit cards
Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on…
Navigating the Perilous Waters of Supply Chain Cybersecurity
By Kenneth Moras Introduction: In today’s interconnected business environment, reliance on innovative vendors and open source solutions is inevitable. However,…
Exploit for critical Veeam auth bypass available, patch now
A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making…
Delinea Fixes Flaw, But Only After Analyst Goes Public With Disclosure First
Delinea rolls out Secret Server SOAP API flaw fixes, while researcher claims the vendor ignored his findings for weeks.
Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication…
SolarWinds fixes critical RCE bugs in access rights audit solution
SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity…