Latest Cybersecurity News and Articles

Clop Ransomware is Now Extorting 66 Cleo Data-Theft Victims

The Cleo data theft attack represents another major success for Clop, which leveraged a zero-day vulnerability in Cleo LexiCom, VLTransfer, and Harmony products to steal data from the networks of breached companies.

CVE-2024-43441: Authentication Bypass Vulnerability Found in Apache HugeGraph-Server

The Apache HugeGraph team has released version 1.5.0, which effectively patches this vulnerability. All users of Apache HugeGraph-Server versions 1.0 through 1.3 are strongly urged to upgrade to 1.5.0 immediately.

Trio of SQL Injection Flaws Strike Amazon Redshift Drivers: Patch Immediately

These flaws affect specific versions of the Amazon Redshift JDBC Driver, Python Connector, and ODBC Driver, highlighting a common weakness in how these tools handle metadata API calls.

Critical SQL Injection Vulnerability Found in Apache Traffic Control

This vulnerability, identified as CVE-2024-45387 and assigned a CVSS score of 9.9, could allow attackers to execute malicious SQL code, potentially compromising sensitive data and disrupting critical services.

Major Biometric Data Farming Operation Uncovered

Security researchers have urged customer-facing businesses to improve their verification checks after discovering a large-scale identity farming operation on the dark web.

North Korean Hackers Pulled Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.

Malicious Intent Discovered in Two PyPI Packages

Fortinet flagged two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, exhibiting behaviors like keylogging, data exfiltration, webhook injection, and anti-VM checks while employing obfuscation to evade detection.

PoC Exploit Released for Windows Elevation of Privilege Vulnerability

Security researcher Alex Birnberg with SSD Secure Disclosure published the technical details and proof-of-concept (PoC) exploit code for CVE-2024-30085, a Windows Cloud Files Mini Filter Driver Elevation of Privilege vulnerability.

CISA Adds Acclaim Systems USAHERDS Flaw to its Known Exploited Vulnerabilities Catalog

The vulnerability, tracked as CVE-2021-44207, was exploited by the Chinese cyber-espionage group APT41 to breach multiple U.S. state government networks. The flaw stems from the use of hard-coded credentials.

Critical Webmin Vulnerability Leaves a Million Servers Exposed to RCE

The vulnerability was discovered by Trend Micro’s Zero Day Initiative and has been addressed in Webmin version 2.111. All Webmin and Virtualmin administrators are strongly urged to update their installations immediately.
