Russian State Hackers Target Vulnerable Routers Worldwide, Joint Advisory Warns
Cybersecurity agencies from 12 countries have warned that Russian state-backed hackers are actively targeting vulnerable routers using weak SNMP credentials
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity agencies from 12 countries have warned that Russian state-backed hackers are actively targeting vulnerable routers using weak SNMP credentials
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials
Verizon DBIR finds 31% of data breaches began with software flaws last year
Google Cloud report details a sharp rise in attackers exploiting software vulnerabilities, including React2Shell
Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks
Experts have revealed an Azure AD vulnerability exposing ClientId and ClientSecret in a publicly accessible appsettings.json file
Mandiant’s M-Trends report found that credential theft rose significantly in 2024, driven by the growing use of infostealers
Travelers found that ransomware groups are focusing on targeting weak credentials on VPN and gateway accounts for initial access, marking a shift from 2023
Threat actors chained Ivanti CSA vulnerabilities for RCE, credential theft & webshell deployment
Rapid7 warned that users of Justice AV Solutions (JAVS) Viewer v8.3.7 recording software are at high risk of stolen credentials and having malware installed
Sysdig said the attackers gained access to these credentials from a vulnerable version of Laravel
Orca Security said the issue mirrors a previously identified vulnerability in Azure CLI
But IBM warns credential compromise is number one initial access vector
The issue arises from the logging of credentials in hex encoding in platform system audit logs