Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal...
Suspected LockBit dev faces extradition to the US • The Register
An alleged LockBit ransomware developer is in custody in Israel and awaiting extradition to the United States. Israeli law enforcement arrested Rostislav Panev, 51, a dual Russian and Israeli national, in August at the request of the US. Panev faces 41 counts,...
Apache fixes remote code execution bypass in Tomcat web server
Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. Apache Tomcat is an open-source web server and servlet container widely used to deploy and run...
Google says new scam protection feature in Chrome uses AI
Google is planning to use "AI" in Chrome to detect scams when you browse random web pages. As spotted by Leo on X, a new flag in Chrome Canary enables a feature that uses AI (called "LLM," or Large Language Model) to analyze web pages on your device. Chrome's...
Google Chrome uses AI to analyze pages in new scam detection feature
Google is using artificial intelligence to power a new Chrome scam protection feature that analyzes brands and the intent of pages as you browse the web. As spotted by Leo on X, a new flag in Chrome Canary enables a feature called "Client Side Detection Brand...
Malicious Rspack, Vant packages published using stolen NPM tokens
Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. The supply chain attack, spotted by both Sonatype and Socket...
US charges Russian-Israeli as suspected LockBit ransomware coder
The US Department of Justice has charged a Russian-Israeli dual-national for his suspected role in developing malware and managing the infrastructure for the notorious LockBit ransomware group. According to a criminal complaint unsealed today in the District of...
Sophos discloses critical Firewall remote code execution flaw
Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. The vulnerabilities affect Sophos...
Krispy Kreme breach, data theft claimed by Play ransomware gang
The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November. Krispy Kreme disclosed the incident and subsequent disruptions to its online ordering system in an...
Health data of 5.6 million stolen in ransomware attack
Ascension, one of the largest private U.S. healthcare systems, is notifying nearly 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation. The health network...