Fake trading apps on Google Play and Apple's App Store have lured victims into "pig butchering" scams with global reach. [...]
Category: News
Researchers found flaws in Kia's dealer portal, allowing hackers to locate and steal cars made after 2013 using only the [...]
Infostealer malware developers have updated their tools to claim they can bypass Google Chrome's App-Bound Encryption, which protects sensitive data [...]
A sprawling infostealer malware operation, led by the cybercriminal group "Marko Polo," has been uncovered. Thirty campaigns have targeted diverse [...]
Users of macOS 15 'Sequoia' are experiencing network connection problems linked to certain endpoint detection and response (EDR) and VPN [...]
The recently patched "Windows MSHTML spoofing vulnerability" (CVE-2024-43461) has been reclassified as previously exploited by the Void Banshee APT group. [...]
The RansomHub ransomware group has utilized TDSSKiller, a legitimate tool developed by Kaspersky, to deactivate endpoint detection and response (EDR) [...]
The Quad7 botnet expands its targets to include Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers, alongside previously [...]
The Docker-OSX project, an open-source initiative by Sick.Codes that enables macOS virtualization on non-Apple hardware, was recently removed from Docker Hub [...]
The Corona Mirai-based malware botnet exploits a 5-year-old zero-day in discontinued AVTECH IP cameras (CVE-2024-7029). This high-severity issue (CVSS v4 [...]
The Chinese state-backed hacking group Volt Typhoon exploited a zero-day flaw (CVE-2024-39717) in Versa Director, a platform used by ISPs [...]
A Linux malware called 'sedexp' has remained undetected since 2022 by employing a stealthy persistence technique not currently listed in [...]
Since July 2024, a series of attacks using AppDomain Manager Injection, a less common technique, have targeted Microsoft .NET applications [...]
SolarWinds released a critical hotfix for Web Help Desk (WHD) to fix a vulnerability (CVE-2024-28987) allowing attackers to exploit hardcoded [...]
Attackers deployed the Msupedge backdoor on a university's Windows systems in Taiwan by exploiting a recently patched PHP vulnerability (CVE-2024-4577), [...]
CISA issued a warning about active exploitation of a critical vulnerability in SolarWinds' Web Help Desk (WHD) software, used by [...]
Microsoft issued a critical warning on Tuesday urging users to patch a TCP/IP vulnerability affecting all default IPv6-enabled Windows systems. [...]
Since late July 2024, a series of precise cyberattacks has targeted numerous systems within Russian government agencies and IT firms. [...]
A persistent and extensive malware operation has been forcibly installing malicious extensions for Google Chrome and Microsoft Edge browsers across [...]
Since early July 2024, a newly identified self-spreading worm named 'CMoon' has been circulating in Russia through a compromised website [...]
Samsung has introduced a new bug bounty program for its mobile devices, offering rewards up to $1,000,000 for reports demonstrating [...]
A design flaw in Windows Smart App Control and SmartScreen allows attackers to launch programs without triggering security warnings, a [...]
Hunters International, using the SharpRhino C# RAT, targets IT workers to breach corporate networks by initiating infections, elevating privileges, executing [...]
The Chinese hacking group StormBamboo has compromised an ISP to inject malware into automatic software updates. Also known as Evasive [...]
People worldwide are reporting mysterious $1 or $0 charges from Shopify-charge.com on their credit card bills, even without making any [...]
Threat actors exploit a Selenium Grid misconfiguration to deploy a modified XMRig tool for mining Monero. Selenium Grid, an open-source [...]
French police and Europol, assisted by cybersecurity firm Sekoia, are deploying a "disinfection solution" in France to remove PlugX malware [...]
The Chinese hacking group 'Evasive Panda' has been observed deploying new versions of the Macma backdoor and Nightdoor Windows malware. [...]
Microsoft has launched a WinPE recovery tool to automate removal of the faulty CrowdStrike update, which crashed an estimated 8.5 [...]
Microsoft has launched Inbound SMTP DANE with DNSSEC for Exchange Online in public preview, enhancing email integrity and security. SMTP [...]
Cybercriminals are exploiting Facebook business pages and ads to promote counterfeit Windows themes that infect unsuspecting users with SYS01 password-stealing [...]
AT&T has reported a major data breach affecting around 109 million customers, in which call logs were stolen from its Snowflake [...]
Microsoft addressed a Windows zero-day vulnerability that had been exploited in attacks for eighteen months to execute malicious scripts, circumventing [...]
Shopify has refuted claims of a data breach despite a threat actor selling purported customer data allegedly taken [...]
Hackers are actively targeting older versions of Rejetto's HTTP File Server (HFS) to distribute malware and cryptocurrency mining software. According [...]
Google introduced kvmCTF in October 2023, offering $250,000 bounties for full VM escape exploits in the Kernel-based Virtual Machine (KVM) [...]
A novel command execution technique called 'GrimResource' leverages crafted MSC files and an unpatched Windows XSS flaw to execute code [...]
A vulnerability in Phoenix SecureCore UEFI firmware, CVE-2024-0762, impacts devices with many Intel CPUs, prompting Lenovo to release new firmware [...]
AMD is investigating a potential cyberattack after a threat actor claimed to have stolen employee information, financial documents, and confidential [...]
A new phishing campaign uses HTML attachments that exploit the Windows search protocol (search-ms URI) to distribute malware via remote [...]