For the latest discoveries in cyber research for the week of 21st August, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES The German Federal Bar (BRAK) Association, which oversees 28 regional bars throughout Germany and represents…

An arbitrary code execution vulnerability was discovered in WinRAR which can be exploited by opening a specially crafted RAR file.

A group of researchers recently published a significant mass-spreading phishing campaign targets Zimbra account users, shedding light on a campaign.

The BlackCat/ALPHV ransomware gang has added Seiko to its extortion site, claiming responsibility for a cyberattack disclosed by the Japanese firm earlier this month.

US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.

The recent Africa Cyber Surge II operation conducted by INTERPOL and AFRIPOL has revealed a stark reality – the surge in digital insecurity and cybercriminals threats across Africa. 

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV.

Cisco-owned multi-factor authentication (MFA) provider Duo Security is investigating an ongoing outage that has been causing authentication failures and errors starting three hours ago.

Kaspersky Password Manager now features a built-in one-time code generator for two-factor authentication in other services and applications.

With a staggering CVSS score of 9.8, the CVE-2023-38035 vulnerability pertains to the MICS Admin Portal in Ivanti MobileIron Sentry

A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.

Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link's Tapo app, which could allow attackers to steal their target's WiFi password.

The Seiko Group Corporation (Seiko) has suffered a data breach resulting from a ransomware attack that has entered today its blackmail phase.

The CVE-2023-26359 vulnerability with a CVSS score of 9.8 is caused by the deserialization of untrusted data.

CVE-2023-40068 is a stored XSS vulnerability specifically affecting ACF’s admin screens tied with post type and taxonomy labels

HiatusRAT malware operators resurfaced with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system

The BlackCat/ALPHV ransomware group claims to have hacked the Japanese maker of watches Seiko and added the company to its data leak site.

DotRunpeX is one of the new and stealthiest .NET injectors that employs the "Process Hollowing" method, through which this malware distributes a diverse range of other malware strains.

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035.