USF Call for Applications: Grants for Local Digital Content Development Initiative (Phase 3)
Call for Applications- Grants for Local Digital Content Development Initiative- phase 3
Menu
SonicWall has revealed that two security flaws impacting its SMA100 Secure Mobile Access appliances have been exploited
EXPLOIT This flaws were being exploited by use of the following CVEs CVE-2023-44221 (CVSS score: 7.2) – Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a ‘nobody’ user, potentially leading to OS Command Injection Vulnerability CVE-2024-38475 (CVSS score: 9.8)
Ms. Geek Africa 2025 Challenge
Final_MsGeek 2025 Competion Call for Application
Ms. Geek Africa 2025 Challenge Read More »
MACRA hosts a Validation Workshop on the Data Protection Regulations
MACRA hosted a Validation Workshop on the Data Protection Regulations and proposed registration fees for Data Controllers and Data Processors of Significant Importance at the Bingu International Convention Centre (BICC). This important workshop is platform where we are discussing stakeholder comments on the draft regulations as read with the Authority’s determination which has informed the
MACRA hosts a Validation Workshop on the Data Protection Regulations Read More »
Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
BACKGROUND Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. RECOMMENDATION To mitigate the risk posed by such attacks, clients are advised to apply a Conditional Access policy to all Microsoft 365, Dynamics
Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach Read More »
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
BACKGROUND Researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. “Pinging functionality that can report back to a
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers Read More »
WooCommerce admins targeted by fake security patches that hijack sites
BACKGROUND Once installed and activated, it provides threat actors administrator access to the dashboard and makes use of the REST API to facilitate remote code execution by injecting malicious PHP code into the site theme’s header file or clearing the caches of popular caching plugins. A new iteration of the malware includes notable changes to
WooCommerce admins targeted by fake security patches that hijack sites Read More »
MACRA Holds a two-day workshop aimed at developing Malawi’s National Position on the Interpretation of International Law and the State Use of ICT
Malawi has took a significant step towards shaping its digital future by holding an ICT indaba aimed at developing the country’s National Position on how International Law applies to the use of ICTs by states. The ICT indaba, took place in Lilongwe, has been organised by MACRA in partnership with the United Nations Institute for
