BOCRA website



Join us on Slack

Follow us on Facebook

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

                                                     LATEST CYBER HACKS 


Data Leak Hits Thousands of NHS Workers

An estimated 14,000 employees at a Liverpool NHS hospital trust have been informed that their data was leaked via email due to human error, according to reports.


German airport websites down in possible hacker attack

Several German airports had their websites disrupted on Thursday, with experts investigating a possible online attack.

The problems come a day after a major IT failure at Germany's national carrier Lufthansa left thousands of passengers stranded at Frankfurt airport.


AI Image Editing Tool Cutout Leaked User Images and Data

Cutout, a popular AI image editing tool, suffered a data breach that exposed user images, usernames, and email addresses. The incident underscores the risks of using cloud-based AI tools for sensitive data.



SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities

Out of a total of seven security defects, five are described as deserialization of untrusted data issues that could be exploited to achieve command execution. Four of them have a CVSS score of 8.8.


New Variant of Mirai Targets 13 Known IoT Device Vulnerabilities

A new variant of the Mirai botnet dubbed V3G4 has been identified by researchers. The malware exploits 13 vulnerabilities in various servers and IoT devices and uses brute-forcing attacks to propagate further across the network.



New Frebniis Malware Abuses IIS Features for Secret Communications

A new malware, named Frebniis, has been spotted abusing Microsoft’s IIS feature to execute malicious commands without raising any red flags on the security radar.


Havoc Replaces Cobalt Strike and Brute Ratel

Researchers identified a fresh attack on a government entity, during which the attackers employed a novel C2 framework dubbed Havoc. In spite of the widespread availability of C2 frameworks, Havoc stands out as an advanced post-exploitation framework that can elude the latest version of Windows 11 Defender.


Experts Warn of RambleOn Android Malware Targeting South Korean Journalists

Suspected North Korean nation-state actors targeted a journalist in South Korea with a malware-laced Android app as part of a social engineering campaign. The findings come from South Korea-based non-profit Interlab, which coined the new malware RambleOn.

                               GENERAL NEWS


ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally

A number of experiments suggest that ChatGPT, the popular large language model (LLM), could be useful to help defenders triage potential security incidents and find security vulnerabilities in code, even though the artificial intelligence (AI) model was not specifically trained for such activities, according to results released this week.


Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only

Twitter has announced that it's limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. "While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors," the company said.