Latest News

International Criminal Court faces new "sophisticated" cyberattack in The Hague. Occurring near the NATO summit, this incident impacts the ICC as it handles major global cases.

The outage began shortly before the July 4 holiday weekend and caused disruptions for customer ordering and other services provided by the IT distributor.

AT&T's $177M data breach settlement. Check eligibility for payouts from 2019 and 2024 incidents. Get claim details here.

The announcement comes just months after security researchers observed that the group was making the transition to rebrand to World Leaks, a data theft outfit.

Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization (SEO) poisoning techniques to deliver a known malware loader called Oyster (aka Broomstick or CleanUpLoader). The malvertising activity, per Arctic Wolf, promotes fake websites hosting trojanized versions of legitimate tools like PuTTY and WinSCP, aiming to trick software professionals

Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.10 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot ('.').

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.

A color picker for Google's browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites.

SatanLock ransomware gang shuts down after weeks of attacks and plans to leak stolen victim data. Group linked to Babuk-Bjorka and GD Lockersec families.

Let's Encrypt has started rolling out certificates for IP addresses. Although it's a security solution it also offers cybercriminals opportunities.