H January(270) February(364) March(400) April(276) May(343) June(373) July(336) August(388) September(287) October(58) November(67) December(107)
DATE | NAME | Info | CATEG. | WEB |
|
30.10.24 | North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack | Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, | APT | |
|
30.10.24 | Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information | A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to | Vulnerebility | |
|
30.10.24 | Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware | Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked | Social | |
|
30.10.24 | Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code | Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but | Cryptocurrency | |
|
29.10.24 | Researchers Uncover Vulnerabilities in Open-Source AI and ML Models | A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code | AI | |
|
29.10.24 | Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus | The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two | BigBrothers | |
|
29.10.24 | U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing | The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol ( TLP ) to handle threat intelligence | BigBrothers | |
|
29.10.24 | New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors | More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the | Vulnerebility | |
|
29.10.24 | Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services | A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that | APT | |
|
28.10.24 | Russian Espionage Group Targets Ukrainian Military with Malware via Telegram | A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to | BigBrothers | |
|
28.10.24 | BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers | Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked | Virus | |
|
28.10.24 | Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials | Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors | CyberCrime | |
|
28.10.24 | Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel | A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, | OS | |
|
28.10.24 | Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining | The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native | Cryptocurrency | |
|
28.10.24 | Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions | Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of | Ransom | |
|
27.10.24 | CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities | The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government | BigBrothers | |
|
27.10.24 | Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite | A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with | Vulnerebility | |
|
27.10.24 | Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security | Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research | AI | |
|
27.10.24 | Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof? | Artificial Intelligence (AI) has rapidly evolved from a futuristic concept to a potent weapon in the hands of bad actors. Today, AI- | AI | |
|
27.10.24 |
SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures | The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially | BigBrothers | The Hacker News |
|
27.10.24 |
Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations | The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by | Social | |
|
27.10.24 | New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics | Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics | Ransom | |
|
27.10.24 | AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks | Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that | Vulnerebility | |
|
27.10.24 | Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack | Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance | Vulnerebility | |
|
27.10.24 | Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices | The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw | APT | |
|
27.10.24 | Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation | Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. | Vulnerebility | |
|
27.10.24 | New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection | New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud | Virus | |
|
27.10.24 | CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) | A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities ( KEV ) catalog by the U.S. | Exploit | |
|
27.10.24 | Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models | Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models | AI | |
|
27.10.24 | Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks | Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of | Ransom | |
|
27.10.24 |
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans |
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called |
||
|
27.10.24 |
Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers |
Details have emerged about a now-patched security flaw in Styra's Open Policy Agent ( OPA ) that, if successfully exploited, could have |
||
|
27.10.24 |
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks |
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, |
||
|
27.10.24 | Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies |
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have |
Virus | The Hacker News |
|
27.10.24 |
Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor |
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest |
||
|
27.10.24 |
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability |
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for |
||
|
27.10.24 |
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to |
||
|
27.10.24 |
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers |
Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The |
||
|
27.10.24 |
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials |
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail |
||
|
27.10.24 |
North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data |
North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not |
||
|
27.10.24 |
Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks |
A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government |
||
|
27.10.24 |
U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign |
Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by |
||
|
27.10.24 |
Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign |
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver |
||
|
26.10.24 |
Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser |
Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in |
||
|
26.10.24 |
Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant |
The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies |
||
|
26.10.24 |
Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program |
Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after |
||
|
26.10.24 |
SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack |
An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile |
||
|
26.10.24 |
U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks |
Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire |
||
|
26.10.24 |
Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk |
A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root |
||
|
26.10.24 |
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity |
Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response | ||
|
26.10.24 |
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware |
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows | ||
|
26.10.24 |
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack |
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by |
||
|
26.10.24 |
GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access |
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow |
||
|
26.10.24 |
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web |
||
|
26.10.24 |
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns |
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's |
||
|
26.10.24 |
New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT |
Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a |
||
|
26.10.24 |
New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists |
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of |
||
|
26.10.24 |
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns |
| ||