Turla hackers backdoor NGOs with new TinyTurla-NG malware


Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. [...]


https://www.bleepingcomputer.com/news/se...g-malware/

Three critical application security flaws scanners can’t detect


In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security. [...]


https://www.bleepingcomputer.com/news/se...nt-detect/

How an Improper Access Control Vulnerability Led to Account Theft in One Click

Let’s look more closely at the improper access control vulnerability type — what it is, how it’s used, and how to remediate it.


https://www.hackerone.com/vulnerability-...-deep-dive

Two Ivanti Zero-Day Vulnerabilities Demand Immediate User Attention

Ivanti has warned all Connect Secure and Policy Secure users to immediately update their systems…

Two Ivanti Zero-Day Vulnerabilities Demand Immediate User Attention on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.

Static Application Security Testing

In cybersecurity, businesses are increasingly accepting the pivotal role of robust application security measures. A…

Static Application Security Testing on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.

A Complete Guide to Breach and Attack Simulation

In today’s ever-evolving digital landscape, safeguarding your organization’s cyber infrastructure is crucial. With countless security…

A Complete Guide to Breach and Attack Simulation on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.

LockBit claims ransomware attack on Fulton County, Georgia


The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid. [...]


https://www.bleepingcomputer.com/news/se...y-georgia/

Microsoft: New critical Exchange bug exploited as zero-day


Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. [...]


https://www.bleepingcomputer.com/news/se...-zero-day/

New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud


A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. [...]


https://www.bleepingcomputer.com/news/se...for-fraud/

New Qbot malware variant uses fake Adobe installer popup for evasion


The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. [...]


https://www.bleepingcomputer.com/news/se...r-evasion/