Progress Software has issued a security advisory regarding four new vulnerabilities in the Telerik Report Server. These flaws, designated as CVE-2024-7292, CVE-2024-7293, CVE-2024-7294, and CVE-2024-8015, impact versions before 2024 Q3 (10.2.24.924).

G DATA Security Lab discovered a malware campaign using Bitbucket to deploy AsyncRAT, a remote access trojan. The attackers employed multi-stage attacks to host and distribute malicious payloads, hiding their activities with Base64 encoding.

Sophos X-Ops MDR and Incident Response warned of rising ransomware attacks exploiting Veeam Backup & Replication flaw CVE-2024-40711, allowing unauthorized account creation for ransomware deployments like Fog and Akira.

ESET researchers revealed that the Telekopye scam toolkit, previously known for targeting online marketplace users, has now turned its focus towards exploiting tourists via accommodation booking platforms like Booking.com and Airbnb.

The CISA has issued an urgent alert warning organizations about a vulnerability involving unencrypted persistent cookies in the F5 BIG-IP Local Traffic Manager (LTM) module, which could be exploited by cyber threat actors.

The CISA warned of a critical Fortinet flaw that allows remote code execution impacting FortiOS, FortiPAM, FortiProxy, and FortiWeb. Federal agencies must apply mitigations by October 30, 2024.

The malware executes tasks to establish network access with Ncat, manipulates the system registry using IFEO, and controls system functions. It conducts cryptomining using SilentCryptoMiner and steals funds by swapping crypto wallet addresses.

The flaw, tracked as CVE-2024-8884, allows unauthorized actors to access sensitive information over an insecure HTTP connection, posing risks of DoS attacks, data leaks, and operational failures.

Researchers have discovered significant security vulnerabilities in industrial systems using the Manufacturing Message Specification (MMS) protocol that could have serious consequences if exploited.

A recent phishing campaign exploited GitHub links, targeting victims with promises of tax extension assistance. The emails urged recipients to download a password-protected archive from trusted repositories associated with tax organizations.