Polymath Central

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

December 19, 2024

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit…

Cybersecurity

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

December 19, 2024

Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company…

Cybersecurity

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

December 19, 2024

Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries…

Cybersecurity

UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App

December 19, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country…

Cybersecurity

Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency

December 19, 2024

The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data…

Cybersecurity

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

December 19, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business…

Cybersecurity

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

December 18, 2024

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims’ Microsoft Azure cloud infrastructure.…

Cybersecurity

BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products

December 18, 2024

BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged…

Cybersecurity

ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

December 18, 2024

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent…

Cybersecurity

APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

December 18, 2024

The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity,…