Google has launched kvmCTF, a groundbreaking vulnerability reward program aimed at fortifying the security of the Kernel-based Virtual Machine (KVM) hypervisor. Announced in October 2023, kvmCTF offers substantial bounties of up to $250,000 for full VM escape exploits, underscoring its focus on zero-day vulnerabilities and rigorous evaluation standards. Designed to engage cybersecurity professionals, ethical hackers, […]
Cisco’s NX-OS zero-day vulnerability (CVE-2024-20399) has been actively exploited by the Chinese state-sponsored threat actor known as Velvet Ant, highlighting the urgent need for cybersecurity professionals and network administrators to secure affected systems. In a forensic investigation led by Sygnia, it was discovered that Velvet Ant gained administrator-level credentials to access Cisco Nexus switches and […]
Ticketmaster recently confirmed a data breach that exposed the personal information of millions of customers worldwide. The attack targeted a cloud database hosted by Snowflake, a data warehousing platform, between April 2nd and May 18th, 2024. While Ticketmaster initially claimed the breach only impacted a limited number of users (around 1,000 according to their SEC […]