
Shaarli Daily

All links of one day on a single page.

January 24, 2025

Security Advisory SNWLID-2025-0002

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

IMPORTANT: SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors. We strongly advise users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability.

Please note that SonicWall Firewall and SMA 100 series products are not affected by this vulnerability.

fasthttp Used in New Bruteforce Campaign

SpearTip Security Operations Center, together with the SaaS Alerts team, identified an emerging threat involving the fastHTTP library.

Targeted supply chain attack against Chrome browser extensions

In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.

How GhostGPT Empowers Cybercriminals with Uncensored AI | Abnormal

Cybercriminals use GhostGPT, an uncensored AI chatbot, for malware creation, BEC scams, and more. Learn about the risks and how AI fights back.

Government and university websites targeted in ScriptAPI[.]dev client-side attack - c/side

Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected scripts create hidden links, pointing to external websites, in the Document Object Model (DOM), a programming interface for web documents.

Hundreds of fake Reddit sites push Lumma Stealer malware

Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware.

Google launches customizable Web Store for Enterprise extensions

Google has officially launched its Chrome Web Store for Enterprises, allowing organizations to create a curated list of extensions that can be installed in employees' web browsers.

Malware Redirects WordPress Traffic to Harmful Sites

Learn about the steps we took to uncover and neutralize a malware infection redirecting WordPress traffic to dangerous URLs.

Russian Cyber Army. Who is it?

In December 2023, the Molfar website experienced a DDoS attack. This occurred immediately after the publication of our extensive investigation into the production of Shaheds and Lancets, which included the deanon of the family of chief designer Zakharov. Recently, Molfar discovered who was behind that DDoS attack.

Molfar's OSINT analysts, in collaboration with the DC8044 F33d community team, identified several Russian hackers allegedly connected to Russian state structures and receiving funding from them. Some of these individuals are Ukrainian.