TSMC confirms Thrid Party Supplier Breach
TSMC, the world’s largest semiconductor manufacturer, has apparently been hit by a cyberattack at the hands of Russian ransomware gang LockBit. TSMC says one of its suppliers, IT services provider…
Arcserve Critical Authentication Bug
A group of red team researchers have identified a critical authentication bypass of an Arcserve backup system. The researchers detailed about vulnerability exploitation process and published tools and a PoC…
CISA releases guidelines on FCEB Devices
Researchers have discovered many devices running on government networks that expose remote management interfaces on the open Web. Earlier this month, CISA released Binding Operational Directive (BOD) 23-02, with the…
CISA and NSA Guidelines for CI/CD
The US NSA and the CISA have published a comprehensive set of guidelines aimed at defending Continuous Integration/Continuous Delivery (CI/CD) environments. The guidelines address the rising threat of malicious cyber…
8Base Ransomware Dissection
Source : VMware Researchers has spotted a massive spike in ransomware activity in May and June 2023 and attributed to a new ransomware group called 8Base. Active since March 2022.…
Jetpack Critical Vulnerability PoC to be released
Developers of Jetpack WordPress plugin has recently alerted its user base to a critical security vulnerability, CVE-2023-2996. Jetpack, a one-stop solution to bolster the security, performance, and website management of…
Siemens Energy and Schneider Electric Victims of MOVEit Flaw
Siemens Energy, the energy arm of German manufacturing giant Siemens, has confirmed it has been breached, while French engineering company Schneider Electric is investigating after its name was posted on…
Mockingjay Bypasses EDR Tools
Researchers have discovered a process injection method without relying on EDR-monitored APIs that resulted in Mockingjay, a novel method for process injection that leverages dynamic link libraries (DLLs) with default…