Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers – Go Health Pro

Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers – Go Health Pro

Feb 18, 2025Ravie LakshmananMalware / Website Hacking Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that’s capable of … Read more

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet – Go Health Pro

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet – Go Health Pro

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further … Read more

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws – Go Health Pro

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws – Go Health Pro

Jan 16, 2025Ravie LakshmananEndpoint Security / Ransomware Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated … Read more

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners – Go Health Pro

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners – Go Health Pro

Jan 13, 2025Ravie LakshmananVulnerability / Cloud Security A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it’s currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum … Read more

Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices – Go Health Pro

Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices – Go Health Pro

Jan 10, 2025Ravie LakshmananCybersecurity / Android Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey’s Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. “Out-of-bounds write in libsaped.so prior to SMR Dec-2024 … Read more