January 2025 – Page 5 – TheCyberThrone

OWASP Unveils Top 10 Smart Contract Vulnerabilities

Background The Open Web Application Security Project (OWASP) is a non-profit foundation that works to improve software security. OWASP's initiatives and projects provide developers and security professionals with free tools,…

PravinKarthik January 22, 2025

CVE-2025-0411 impacts 7-Zip with Code Execution

Background of CVE-2025-0411 CVE-2025-0411 is a security flaw identified in 7-Zip, a widely-used open-source file archiver. This vulnerability allows attackers to execute arbitrary code by bypassing the "Mark-of-the-Web" (MOTW) security…

PravinKarthik January 21, 2025

Star Blizzard WhatsApp Compromise Campaign

Background of Star Blizzard Star Blizzard, also known as Coldriver, is a highly sophisticated and notorious nation-state cyber espionage group. They have a history of targeting high-profile entities, including non-governmental…

PravinKarthik January 21, 2025

Intelbroker claims breaching HPE

Background of IntelBroker IntelBroker is a notable hacker group known for its sophisticated cybercriminal activities. They have a history of targeting multinational corporations, seeking to extract valuable data and sell…

PravinKarthik January 21, 2025

CERT-UA Warns of Fake AnyDesk Security Audit Requests

CERT-UA, the Computer Emergency Response Team of Ukraine, recently issued a critical warning regarding a fraudulent campaign targeting users via AnyDesk. Attackers are impersonating CERT-UA to send unsolicited connection requests,…

PravinKarthik January 20, 2025

CVE-2024-53691: PoC Exploit Code Release for QNAP Flaw

CVE-2024-53691 is a severe remote code execution (RCE) vulnerability discovered in QNAP NAS devices. Recently, security researcher c411e released a Proof-of-Concept (PoC) exploit code, underscoring the critical nature of this…

PravinKarthik January 20, 2025

CVE-2025-0107 PoC Exploit Code Released for PaloAlto Flaw

Background: CVE-2025-0107 is a critical OS command injection vulnerability discovered in Palo Alto Networks' Expedition Tool, version 1.2.101 and earlier. Recently, security researchers released a Proof-of-Concept (PoC) exploit code, which…

PravinKarthik January 19, 2025

CVE-2024-7344 impacts UEFI based systems

CVE-2024-7344 is a critical vulnerability affecting UEFI-based systems. It was discovered by researchers at ESET and involves a bypass of the UEFI Secure Boot mechanism, allowing untrusted code to run…

PravinKarthik January 18, 2025