+92,000 Internet-facing D-Link NAS devices can be easily hacked
A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models.
Researchers found multiple flaws in ChatGPT plugins
Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that can be could have led to data exposure and account takeovers. ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience. These plugins may include new natural language processing features, search capabilities, integrations with other services or platforms, text analysis tools, and more. Essentially, plugins allow users to customize and tailor the ChatGPT experience to their specific needs.
Police seized Crimemarket, the largest German-speaking cybercrime marketplace
German police seized the largest German-speaking cybercrime marketplace Crimemarket and arrested one of its operators.
Multiple XSS flaws in Joomla can lead to remote code execution
Joomla maintainers have addressed multiple flaws in the popular content management system (CMS) that can lead to execute arbitrary code
ESET fixed high-severity local privilege escalation bug in Windows products
Cybersecurity firm ESET has addressed a high-severity elevation of privilege vulnerability in its Windows security solution.
Zoom fixed critical flaw CVE-2024-24691 in Windows software
Zoom fixed 7 flaws in its desktop and mobile applications, including a critical bug (CVE-2024-24691) affecting the Windows software
AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web
Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web.
Hundreds of network operators’ credentials found circulating in Dark Web
Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC available on the dark web, Resecurity warns.
Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic
Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware.
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop
The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden.
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported.
Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network
A Lockbit ransomware attack against German hospital network Katholische Hospitalvereinigung Ostwestfalen caused service disruptions.
Rhysida ransomware gang claimed China Energy hack
The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation.
Okta reveals additional attackers' activities in October 2023 Breach
Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach.
Spain police dismantled a cybercriminal group who stole data of 4 million individuals
The Spanish police have arrested 34 members of the cybercriminal group that is accused of having stolen data of over 4M individuals.
International Criminal Court hit with a cyber attack
A cyberattack hit the International Criminal Court (ICC) disclosed a cyberattack this week, its systems were compromised last week.
TikTok fined €345M by Irish DPC for violating children’s privacy
The Irish Data Protection Commission (DPC) fined TikTok €345 million ($368 million) for violating the privacy of children.
Threat actor leaks sensitive data belonging to Airbus
The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company. The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information on thousands of the company’s vendors to the dark web.
Google will provide dark web monitoring to all US Gmail users
Google announced the opening of the dark web monitoring report security feature to all Gmail users in the United States. Google is going to offer dark web monitoring to all U.S. Gmail users, the feature allows them to search for their email addresses on the dark web. Dark web scans for Gmail address was previously […]
An unfaithful employee leaked Yandex source code repositoriesSecurity Affairs
A source code repository allegedly stolen by a former employee of the Russian tech giant Yandex has been leaked online. A Yandex source code repository allegedly stolen by a former employee of the Russian IT giant has been leaked on a popular cybercrime forum. The announcement published on BreachForums includes a magnet link to the alleged […]
A cyberattack blocked the trains in Denmark
At the end of October, a cyber attack caused the trains to stop in Denmark, the attack hit a third-party IT service provider. A cyber attack caused training the trains operated by DSB to stop in Denmark the last weekend, threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo […]
An unfaithful employee leaked Yandex source code repositoriesSecurity Affairs
A source code repository allegedly stolen by a former employee of the Russian tech giant Yandex has been leaked online. A Yandex source code repository allegedly stolen by a former employee of the Russian IT giant has been leaked on a popular cybercrime forum. The announcement published on BreachForums includes a magnet link to the alleged […]
A cyberattack blocked the trains in Denmark
At the end of October, a cyber attack caused the trains to stop in Denmark, the attack hit a third-party IT service provider. A cyber attack caused training the trains operated by DSB to stop in Denmark the last weekend, threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo […]