Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data
A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud…
‘Void Banshee’ Exploits Second Microsoft Zero-Day
Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw.
GitLab warns of critical pipeline execution vulnerability
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines…
Escort Max 4: Advanced radar detection at entry-level price
Do you like a spirited drive? Or do you have a bit of a lead foot? Or do you just…
Publishers Spotlight: Elisity
I was thrilled to catch up with Elisity during Black Hat USA 2024. Elisity’s platform makes it easy for IT,…
Hitachi Energy Vulnerabilities Plague SCADA Power Systems
The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.
Cyber-Informed Engineering – A New Perspective on OT Security
Cyber-Informed Engineering (CIE) is a new perspective on OT cyber risk – one that is being embraced by OT/engineering teams and…
Hackers are exploiting critical bug in LiteSpeed Cache plugin
Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating…
Qilin ransomware now steals credentials from Chrome browsers
The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in…
Azure domains and Google abused to spread disinformation and malware
A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and…