⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod
Also, Baltimore Public Schools Suffer Data Breach, Disney Menu Hacker SentencedThis week, zero-day exploits surged, accused Nefilim hacker extradited, Baltimore schools breach, CISA lists Broadcom Brocade, Commvault flaws, a fake WooCommerce patch, Akira hit Hitachi Vantara, ex-Disney worker sentenced and a Darcula phishing kit upgrade. FBI published 42,000 phishing domains.
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine
The threat group used CVE-2024-38112 and a "zombie" version of IE to spread Atlantida Stealer through purported PDF versions of reference books.
The threat group used CVE-2024-38112 and a "zombie" version of IE to spread Atlantida Stealer through purported PDF versions of reference books.
Guardio Labs detected the campaign and detailed its findings in a technical blog post
A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure
European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina. [...]
<h4>Clearly no need for leet zero-day hax when you can spearphish and exploit months-old vulnerabilities</h4> <p>A two-year campaign by state-sponsored Russian entities to siphon information from US defense contractors worked, it is claimed.…</p>
A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021