The latest Metasploit Framework update introduces five new modules targeting critical vulnerabilities across multiple platforms, including POWERCOM UPSMON PRO, Car Rental System 1.0, WordPress plugins, and LINQPad.

The attack leverages differences in how web servers, frameworks, and browsers handle cookies based on legacy standards such as RFC2109, in contrast to the modern RFC6265 standard.

BARWM is a novel attack technique that utilizes DNN-based steganography to generate sample-specific backdoor triggers that are imperceptible. It is able to circumvent the limitations of real-world deep learning (DL) models deployed on mobile devices.

Researchers recently discovered a malicious campaign targeting Ukrainian military personnel through fake “Army+” app websites, which host a malicious installer that, upon execution, extracts the legitimate app alongside the Tor browser.

Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a critical vulnerability in TrueNAS CORE, a widely-used open-source storage operating system developed by iXsystems.

According to a detailed analysis by Rapid7, the threat actors have refined their techniques, introducing novel methods for gaining access and delivering malware, including Zbot, DarkGate, and custom-developed tools.

Discovered during the 2024 Pwn2Own IoT competition, these vulnerabilities let attackers compromise the devices, potentially accessing live video feeds and executing harmful code remotely.

This vulnerability, CVE-2024-53999 is a Stored Cross-Site Scripting (XSS) flaw found in the “Diff or Compare” functionality, which occurs due to improper handling of file uploads with script-laden filenames.

Once executed, the malware extracts sensitive information from Userinfo.dll and transmits it to a remote server, which periodically checks for new instructions, enabling remote control over the compromised system.

Lumma Stealer, a sophisticated information-stealing malware, is spreading through Telegram channels, exploiting the platform’s popularity to bypass traditional security measures and target unsuspecting users, potentially compromising sensitive data.