ذكاء التهديدات

Category: Vulnerability Intelligence Vulnerability Class: Zero-Day Vulnerability CVE ID: CVE-2022-1096 CVSS:3.0 Score: To be assigned Executive Summary Google released a security update to patch a critical zero-day vulnerability in Windows, Mac, and Linux operating systems with Chrome 99.0.4844.84. The zero-day vulnerability tracked as CVE-2022-1096, is a type of confusion vulnerability in the Chrome V8 JavaScript engine. Google claims that […]

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

The threat actor group, TeamTNT, compromised multiple cloud instances and containerized environments.The target list includes Docker, Redis server, AWS, and Kubernetes.

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 16.99 million unique CouchSurfing users.

CloudSEK Threat Intelligence Research team's analysis of the ransomware group dubbed Arvin Club

A post on a cybercrime forum, advertising 21 million user records of Microsoft coincides with the corporate giant's latest advisory on a Cosmos DB vulnerability.

DragonForce Malaysia has shared an exploit to bypass the Windows Server LPE LDR for targeting and exploiting Indian servers. The group has also shared a working PoC (Proof of Concept) video to substantiate their claims.

Log4J vulnerability is now being exploited by notorious ransomware groups such as Khonsari and Conti. Log4Shell had 3 high priority security patches in the last week alone, leading to increased threat severity.