Author: Mash

Researchers found flaws in Kia's dealer portal, allowing hackers to locate and steal cars made after 2013 using only the [...]

Infostealer malware developers have updated their tools to claim they can bypass Google Chrome's App-Bound Encryption, which protects sensitive data [...]

A sprawling infostealer malware operation, led by the cybercriminal group "Marko Polo," has been uncovered. Thirty campaigns have targeted diverse [...]

Users of macOS 15 'Sequoia' are experiencing network connection problems linked to certain endpoint detection and response (EDR) and VPN [...]

Attackers deployed the Msupedge backdoor on a university's Windows systems in Taiwan by exploiting a recently patched PHP vulnerability (CVE-2024-4577), [...]

CISA issued a warning about active exploitation of a critical vulnerability in SolarWinds' Web Help Desk (WHD) software, used by [...]

Microsoft issued a critical warning on Tuesday urging users to patch a TCP/IP vulnerability affecting all default IPv6-enabled Windows systems. [...]

Since late July 2024, a series of precise cyberattacks has targeted numerous systems within Russian government agencies and IT firms. [...]

A persistent and extensive malware operation has been forcibly installing malicious extensions for Google Chrome and Microsoft Edge browsers across [...]

Since early July 2024, a newly identified self-spreading worm named 'CMoon' has been circulating in Russia through a compromised website [...]

Samsung has introduced a new bug bounty program for its mobile devices, offering rewards up to $1,000,000 for reports demonstrating [...]

A design flaw in Windows Smart App Control and SmartScreen allows attackers to launch programs without triggering security warnings, a [...]

Hunters International, using the SharpRhino C# RAT, targets IT workers to breach corporate networks by initiating infections, elevating privileges, executing [...]

The Chinese hacking group StormBamboo has compromised an ISP to inject malware into automatic software updates. Also known as Evasive [...]

People worldwide are reporting mysterious $1 or $0 charges from Shopify-charge.com on their credit card bills, even without making any [...]

Threat actors exploit a Selenium Grid misconfiguration to deploy a modified XMRig tool for mining Monero. Selenium Grid, an open-source [...]

French police and Europol, assisted by cybersecurity firm Sekoia, are deploying a "disinfection solution" in France to remove PlugX malware [...]

The Chinese hacking group 'Evasive Panda' has been observed deploying new versions of the Macma backdoor and Nightdoor Windows malware. [...]

Microsoft has launched a WinPE recovery tool to automate removal of the faulty CrowdStrike update, which crashed an estimated 8.5 [...]

Microsoft has launched Inbound SMTP DANE with DNSSEC for Exchange Online in public preview, enhancing email integrity and security. SMTP [...]

Cybercriminals are exploiting Facebook business pages and ads to promote counterfeit Windows themes that infect unsuspecting users with SYS01 password-stealing [...]

AT&T has reported a major data breach affecting around 109 million customers, where call logs were stolen from its Snowflake [...]

Microsoft addressed a Windows zero-day vulnerability that had been exploited in attacks for eighteen months to execute malicious scripts, circumventing [...]

Shopify has refuted claims of a data breach despite allegations from a threat actor selling purported customer data allegedly taken [...]

Hackers are actively targeting older versions of Rejetto's HTTP File Server (HFS) to distribute malware and cryptocurrency mining software. According [...]

Google introduced kvmCTF in October 2023, offering $250,000 bounties for full VM escape exploits in the Kernel-based Virtual Machine (KVM) [...]

A novel command execution technique called 'GrimResource' leverages crafted MSC files and an unpatched Windows XSS flaw to execute code [...]

A vulnerability in Phoenix SecureCore UEFI firmware, CVE-2024-0762, impacts devices with many Intel CPUs, prompting Lenovo to release new firmware [...]

AMD is investigating a potential cyberattack after a threat actor claimed to have stolen employee information, financial documents, and confidential [...]

A new phishing campaign uses HTML attachments that exploit the Windows search protocol (search-ms URI) to distribute malware via remote [...]

A new remote code execution (RCE) vulnerability in PHP for Windows has been disclosed, affecting all versions since 5.x and [...]