Active Lumma Stealer Campaign Impacting U.S. SLTTs
The CIS CTI team spotted a Lumma Stealer campaign where SLTT victims were redirected to malicious webpages delivering fake CAPTCHA verifications. Read More
USN-7363-1: PAM-PKCS#11 vulnerabilities
Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not properly handle certain return codes when authentication was not possible. An attacker could possibly use...
BlackLock ransomware: What you need to know
BlackLock has become a big deal, very quickly. It has been predicted to be one of the biggest ransomware-as-a-service operations of 2025. Read more in...
A Vulnerability in AMI MegaRAC Software Could Allow for Remote Code Execution
A vulnerability has been discovered in AMI MegaRAC Software, which could allow for remote code execution. MegaRAC is a product line of BMC firmware packages...
USN-7362-1: go-gh vulnerability
It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wrong host. (CVE-2024-53859)...
FishMonger APT Group Linked to I-SOON in Espionage Campaigns
The FishMonger APT Group has been linked with I-SOON, targeting governments, NGOs and think tanks in cyber-espionage campaigns Read More
Critical GitHub Attack
This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The...
Rooted Devices 250 Times More Vulnerable to Compromise
Rooted devices are 250 times more vulnerable to security incidents, Zimperium warned Read More
Smashing Security podcast #409: Peeping perverts and FBI phone calls
In episode 409 of the "Smashing Security" podcast, we uncover the curious case of the Chinese cyber-attack on Littleton's Electric Light Company, and a California...
APPLE-SA-03-11-2025-4 visionOS 2.3.2
Posted by Apple Product Security via Fulldisclosure on Mar 20 APPLE-SA-03-11-2025-4 visionOS 2.3.2 visionOS 2.3.2 addresses the following issues. Information about the security content is...
