A new application disguised as malware has been making rounds in the Google Play Store, being downloaded over 100,000 times in less than 2 weeks. Researchers at Cyfirma have analyzed this new “SpyLend” malware, part of the SpyLoan group of applications which are disguised as applications for financial services such as management or lending targeting

Continue Reading

New updates have been released for OpenSSH, the widely used Secure Shell protocol commonly used for connecting to and logging in to remote machines, which a vulnerability recently discovered allowed the possibility for machine-in-the-middle (MITM) attacks and denial of service (DOS) attacks. Researches with Qualysis’ Threat Research Unit recently reported the vulnerabilities affecting both a

Continue Reading

Prometheus, a widely used open-source monitoring and alerting toolkit, has been found to have serious vulnerabilities that could allow cybercriminals to steal sensitive data, run malicious code, or even launch denial-of-service (DoS) attacks. Prometheus is a powerful tool designed to record, query and visualize real-time metrics from systems, containers, and applications. Researches from Aqua Security

Continue Reading

A serious security vulnerability has been discovered in the Hunk Companion plugin for WordPress, affecting versions before 1.9.0. Researches at WPScan found the vulnerability of the Hunk Companion, a plugin used for themes by ThemeHunk, through a failed validation from a hardlink within the plugin’s code to WordPress’ plugin repository. The vulnerability allows unauthenticated requests

Continue Reading

A new update has been released by Apache to address a critical Remote Code Execution (RCE) vulnerability affecting the open-source Apache Struts framework. Apache Struts is widely used for developing modern Java web applications, making this vulnerability a significant concern for developers. Vulnerabilities The security vulnerability (CVE-2024-53677) impacts Apache Struts versions: With a CVSS (Common

Continue Reading

Apple has rolled out its iOS 18.2, iPadOS 18.2 and macOS 15.2 updates with a whole set of new features for its Apple AI Intelligence, along with several critical security patches across a wide range of devices. This new update brings optimizations, AI, and enhancements to privacy and security resolving issues that could have allowed

Continue Reading

Microsoft has released it’s Patch Tuesday December update, usually available on the second Tuesday of every month, with a bunch of security updates and patches. Many of the patches are for vulnerabilities with at least a medium severity CVSS (Common Vulnerability Scoring System) score (most are over 6.0 on a scale of 1-10, 10 being

Continue Reading