Author: Mash

1Password, a widely-used password manager for over 100,000 businesses, faced a security incident when hackers infiltrated its Okta ID management [...]

Google is preparing to test a "IP Protection" feature in Chrome, which hides users' IP addresses with proxy servers to [...]

A cyber threat actor is using fake LinkedIn posts and direct messages to trick people into downloading info-stealing malware, such [...]

The BlackCat/ALPHV ransomware operation recently incorporated a novel tool called 'Munchkin.' This tool harnesses virtual machines for surreptitious deployment of [...]

Amazon now offers passkey support for passwordless login, enhancing security by using biometrics or PINs linked to devices like phones [...]

Discord remains a hotspot for hackers, including APT groups, who use it to distribute malware, steal data, and target critical [...]

Between July and September, DarkGate malware attacks leveraged compromised Skype accounts to infect targets via messages with VBA loader script [...]

Hackers are exploiting LinkedIn Smart Links for phishing attacks to steal Microsoft account credentials. Smart Links are part of LinkedIn's [...]

A zero-day DDoS technique called 'HTTP/2 Rapid Reset' broke records in magnitude since August. Amazon, Cloudflare, and Google jointly reported [...]

Multiple Balada Injector campaigns have infected over 17,000 WordPress sites using known premium theme plugin vulnerabilities. Discovered in December 2022 [...]

The Chrome team is enhancing user experience with a new "Organize Tabs" feature, located at the top left corner, near [...]

Over the past six months, a complex malicious campaign has emerged, planting info-stealing packages on open-source platforms with 75,000 downloads. [...]

A recent Linux vulnerability, dubbed 'Looney Tunables' (CVE-2023-4911), allows local attackers to obtain root privileges by exploiting a buffer overflow [...]

'BunnyLoader' is a newly discovered fileless loader malware. It can steal clipboard contents, execute payloads, record keystrokes, steal data and [...]

The LostTrust ransomware operation is suspected to have rebranded from MetaEncryptor, employing nearly identical data leak sites and encryption methods. [...]

Hackers can exploit logic flaws in Cloudflare's Firewall and DDoS prevention, potentially undermining its protection. This poses a significant threat [...]

The North Korean 'Lazarus' hacking group used a fake job opportunity to target a Spanish aerospace company's employees. This was [...]

Malicious ads promoting malware-infested download sites are infiltrating Microsoft's Bing Chat, powered by OpenAI's GPT-4. Introduced to rival Google's search [...]

Researchers from four US universities created 'GPU.zip,' a new GPU side-channel attack exploiting data compression for leaking sensitive visuals. They [...]

Google plans to retire Gmail's Basic HTML view in January 2024, requiring users to switch to modern browsers for continued [...]

The advanced 'Deadglyph' backdoor malware was recently detected in a cyberespionage attack on a Middle Eastern government agency. It's linked [...]

In August 2023, a new threat actor called 'Sandman' was uncovered by SentinelLabs and QGroup GmbH. Sandman targets telecom service [...]

The malware loader 'Bumblebee' is back from a two-month break with a new campaign that exploits 4shared WebDAV services. This [...]

A Proof-of-Concept (PoC) exploit for a Windows Themes vulnerability, known as CVE-2023-38146 or ThemeBleed, has been made public. This vulnerability, [...]

Microsoft is making significant changes to its printer driver strategy over the next four years, which includes blocking third-party printer [...]

Google's Privacy Sandbox is replacing third-party cookies for tracking user interests in Chrome. Upon launching Chrome, users now see an [...]

Apple issued urgent security updates to address two newly discovered zero-day vulnerabilities. These vulnerabilities were exploited in attacks aimed at [...]

An unidentified threat actor is exploiting serious security flaws (CVE-2023-28432 and CVE-2023-28434) in MinIO storage systems, leading to unauthorized code [...]

Microsoft has alerted customers that Windows 11 21H2 systems will undergo automatic updates before the end of their servicing period [...]

Even ransomware gangs can make errors. The Key Group, a ransomware gang, made a cryptographic mistake, allowing security researchers to [...]

Chinese hacker group GREF has planted BadBazaar spyware in modified Signal and Telegram apps on Google Play and Samsung Galaxy [...]

A new Android banking malware, MMRat, employs an uncommon method of communication—protobuf data serialization—to efficiently steal data from compromised devices. [...]

Japan's JPCERT has unveiled a 'MalDoc in PDF' attack (July 2023) that hides harmful Word files within PDFs to avoid [...]

On August 8, 2023, Secureworks® Counter Threat Unit™ (CTU) researchers discovered the Smoke Loader botnet deploying a custom Wi-Fi scanning [...]

Microsoft has pinpointed a new hacking group, Flax Typhoon, focusing on government, education, critical manufacturing, and IT sectors for likely [...]

The CVE-2023-38831 WinRAR zero-day flaw was exploited to install malware through harmless archive files, compromising online cryptocurrency trading accounts. This [...]

In a fresh HiatusRAT malware drive, cyber attackers have focused on a U.S. Department of Defense server in a reconnaissance [...]

An Amazon ad on Google search leads to a Microsoft Defender scam that traps users in their browser. BleepingComputer reported [...]

The China-linked APT group named 'Bronze Starlight' targeted the Southeast Asian gambling industry with malware using a legitimate certificate from [...]

A critical WinRAR vulnerability (CVE-2023-40477) has been patched. This flaw allows attackers to execute commands on a system by simply [...]