Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
What is GlobalProtect? Palo Alto Networks VPN Gateway Explained
GlobalProtect is Palo Alto Networks’ enterprise remote access gateway. This explainer covers how it works, why it matters, and the security considerations organizations should understand about CVE-2024-3400 and enterprise VPN security.
-
ShadowMQ Flaw Exposes AI Inference Engines to Remote Code Execution
Oligo Security found a recurring ZeroMQ/pickle deserialization flaw affecting multiple AI inference frameworks; several vendors have issued patches.
-
PhantomRaven Malware Found in 126 npm Packages, Stealing GitHub Tokens
PhantomRaven exploits npm packages to steal GitHub tokens and CI/CD secrets, Koi Security says.
-
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases
Safery is a malicious Chrome wallet extension that hides stolen Ethereum seed phrases inside Sui micro-transactions; defenders should monitor unexpected browser RPC calls and on-chain writes during wallet import.
-
Cisco RCE Vulnerability Affects Security Appliances
Cisco has identified a critical RCE vulnerability, CVE-2024-20353, affecting its Secure Web Appliance and Secure Email Gateway products. Immediate updates are urged.
-
Unnamed APT Exploits Zero-Days in Citrix and Cisco, Targeting Critical Infrastructure
An unnamed advanced persistent threat (APT) group exploited zero-day vulnerabilities in Citrix NetScaler ADC and Gateway, dubbed “CitrixBleed 2,” and a critical flaw in Cisco Identity Service Engine (ISE). The attacks targeted essential identity and network access control infrastructure.
-
Canada Imposes New Sanctions on Russian Drone and Energy Production
Canada has imposed new sanctions on Russia, targeting its drone and energy industries, and infrastructure implicated in cyberattacks against Ukraine. These measures escalate economic pressure aimed at curbing Russia’s ongoing conflict.
-
Microsoft Exchange End-of-Life: Imminent Threats and Migration Urgency
Microsoft Exchange servers 2016 and 2019 are nearing end-of-life this October, posing an imminent threat due to critical vulnerabilities. This advisory follows the Storm-0558 breach, prompting CISA and NSA to issue security best practices. Organizations must migrate and implement robust defenses amidst Microsoft’s Secure Future Initiative.
-
WhatsApp to Face Stricter EU Oversight Under Digital Services Act
The European Commission is set to classify WhatsApp as a ‘very large online platform’ under the Digital Services Act (DSA), imposing stricter regulatory oversight due to its over 45 million monthly active users in the EU. This move mandates enhanced content moderation, transparency, and continuous risk assessment for the messaging service.
-
Russia’s Finance Ministry to Debut Yuan Bonds in December
Russia’s Finance Ministry will issue its first series of government bonds denominated in Chinese yuan next month, diversifying its borrowing portfolio and mitigating Western sanctions amid declining traditional revenue streams and a projected budget deficit.