2025 January(178) February(102) March(349) April(412) May(435) June(471) July(395) August(189) September(431) October(0) November(0) December(0)
DATE |
NAME |
Info |
CATEG. |
WEB |
|
19.1.25 |
A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. |
|||
|
19.1.25 |
US sanctions Chinese firm, hacker behind telecom and Treasury hacks |
he U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. | ||
|
19.1.25 |
FCC orders telecoms to secure their networks after Salt Tyhpoon hacks |
The Federal Communications Commission (FCC) has ordered U.S. telecommunications carriers to secure their networks following last year's Salt Typhoon security breaches. |
||
|
19.1.25 |
Microsoft starts force upgrading Windows 11 22H2, 23H3 devices |
Microsoft has started the forced rollout of Windows 11 24H2 to eligible, non-managed systems running the Home and Pro editions of Windows 11 22H2 and 23H2. |
||
|
19.1.25 |
GDPR complaints filed against TikTok, Temu for sending user data to China |
Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user's data to China and infringing European Union's general data protection regulation (GDPR). |
||
|
19.1.25 |
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks |
A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. |
||
|
19.1.25 |
Microsoft expands testing of Windows 11 admin protection feature |
Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. |
||
|
19.1.25 |
US cracks down on North Korean IT worker army with more sanctions |
The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea's Ministry of National Defense that have generated revenue via illegal remote IT work schemes. |
||
|
19.1.25 |
Biden signs executive order to bolster national cybersecurity |
Days before leaving office, President Joe Biden signed an executive order to shore up the United States' cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation's critical infrastructure. |
||
|
19.1.25 |
Wolf Haldenstein law firm says 3.5 million impacted by data breach |
Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. |
||
|
19.1.25 |
FTC orders GoDaddy to fix poor web hosting security practices |
The Federal Trade Commission (FTC) will require web hosting giant GoDaddy to implement basic security protections, including HTTPS APIs and mandatory multi-factor authentication, to settle charges that it failed to secure its hosting services against attacks since 2018. |
||
|
19.1.25 |
New UEFI Secure Boot flaw exposes systems to bootkits, patch now |
A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. |
||
|
19.1.25 |
Hackers leak configs and VPN credentials for 15,000 FortiGate devices |
A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. | ||
|
19.1.25 |
SAP fixes critical vulnerabilities in NetWeaver application servers |
SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. |
||
|
19.1.25 |
CISA shares guidance for Microsoft expanded logging capabilities |
CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. |
||
|
19.1.25 |
MikroTik botnet uses misconfigured SPF DNS records to spread malware |
A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. |
||
|
19.1.25 |
Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers' credit cards and personal information. | |||
|
19.1.25 |
Ironically, cybercriminals now use Google search advertisements to promote phishing sites that steal advertisers' credentials for the Google Ads platform. |
|||
|
19.1.25 |
Over 660,000 Rsync servers exposed to code execution attacks |
Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers. |
||
|
19.1.25 |
Windows BitLocker bug triggers warnings on devices with TPMs |
Microsoft is investigating a bug triggering security alerts on systems with a Trusted Platform Module (TPM) processor after enabling BitLocker. | ||
|
19.1.25 |
Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device. |
|||
|
19.1.25 |
Allstate car insurer sued for tracking drivers without permission |
Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. |
||
|
19.1.25 |
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites |
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. | ||
|
19.1.25 |
US govt says North Korea stole over $659 million in crypto last year |
North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. | ||
|
19.1.25 |
Windows 10 KB5049981 update released with new BYOVD blocklist |
Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks. |
||
|
19.1.25 |
Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws |
Today is Microsoft's January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. |
||
|
19.1.25 |
Fake LDAPNightmware exploit on GitHub spreads infostealer malware |
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. |
||
|
19.1.25 |
Telefónica confirms internal ticketing system breach after data leak |
Spanish telecommunications company Telefónica confirms an internal ticketing system was breached after stolen data was leaked on a hacking forum. | ||
|
19.1.25 |
TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025 |
Popular video-sharing social network TikTok has officially gone dark in the United States, 2025, as a federal ban on the app comes into effect on January 19, 2025. |
||
|
18.1.25 |
New Star Blizzard spear-phishing campaign targets WhatsApp accounts |
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a shift in Star Blizzard’s longstanding tactics, techniques, and procedures (TTPs) to leverage a new access vector. |
||
|
18.1.25 |
IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 |
Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras. |
||
|
18.1.25 |
Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR |
This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. |
||
|
18.1.25 |
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data. |
|||
|
18.1.25 |
OverviewThis week, the SonicWall Capture Labs threat research team investigated a sample of GhostRAT malware. This highly infectious file is built to be persistent and thorough, with many anti-analysi... |
|||
|
18.1.25 |
OverviewThe SonicWall Capture Labs threat research team became aware of a denial-of-service vulnerability in the Windows Lightweight Directory Access (LDAP) Protocol, assessed its impact and developed... |
|||
|
18.1.25 |
Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17) |
On Jan. 8, 2025, Ivanti released a security advisory for two vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in its Connect Secure, Policy Secure and ZTA gateway products. |
||
|
18.1.25 |
When launching and persisting attacks at scale, threat actors can inadvertently leave behind traces of information. They often reuse, rotate and share portions of their infrastructure when automating their campaign’s setup before launching an attack. |
|||
|
18.1.25 |
Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application. The Wavlink AC3000 |
|||
|
18.1.25 |
Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities |
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” |
||
|
18.1.25 | ||||
|
18.1.25 |
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 |
The story of a signed UEFI application allowing a UEFI Secure Boot bypass |
||
|
18.1.25 | ||||
|
18.1.25 |
Protecting children online: Where Florida’s new law falls short |
Some of the state’s new child safety law can be easily circumvented. Should it have gone further? |
||
|
18.1.25 |
U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon |
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai- | ||
|
18.1.25 |
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation |
Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve | ||
|
18.1.25 |
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation |
Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. | ||
|
18.1.25 |
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass |
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal | ||
|
18.1.25 |
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs |
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit |
||
|
18.1.25 |
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China |
Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of | ||
|
18.1.25 |
Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign |
The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure |
||
|
16.1.25 |
Inside a 90-Minute Attack: Breaking Ground with All-New AI Defeating Black Basta Tactics |
Have you ever had your lunch interrupted by a sudden barrage of security alerts? That’s exactly what happened to one of our clients when a frantic call from their Security Operations Center revealed a flood of suspicious emails. The culprit? A brand-new cyberattack mimicking the notorious Black Basta group’s latest technique—and it hit with lightning speed. |
||
|
16.1.25 |
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits |
Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface |
||
|
16.1.25 |
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions |
Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially | ||
|
16.1.25 |
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer |
Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate | ||
|
16.1.25 |
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws |
Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware |
||
|
16.1.25 |
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager |
Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including |
||
|
16.1.25 |
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes |
Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to | ||
|
16.1.25 |
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99 |
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for | ||
|
16.1.25 |
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains |
Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based | ||
|
16.1.25 |
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool |
As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to | ||
|
16.1.25 |
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation |
The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law |
||
|
16.1.25 |
3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update |
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have |
||
|
16.1.25 |
Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks |
Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege | ||
|
14.1.25 |
Arctic Wolf observed a recent campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. | |||
|
14.1.25 |
Backdooring Your Backdoors - Another $20 Domain, More Governments |
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability to issue valid and trusted TLS/SSL certificates for any .MOBI domain. |
||
|
14.1.25 |
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation |
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to |
||
|
14.1.25 |
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains |
New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain |
||
|
14.1.25 |
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions |
The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing |
||
|
14.1.25 |
Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces |
Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public | ||
|
14.1.25 |
Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware |
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather | ||
|
14.1.25 |
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access | ||
|
14.1.25 |
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners |
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy |
||
|
14.1.25 |
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables |
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting | ||
|
14.1.25 |
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems |
No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired | ||
|
12.1.25 |
New Web3 attack exploits transaction simulations to steal crypto |
Threat actors are employing a new tactic called "transaction simulation spoofing" to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. |
||
|
12.1.25 |
US charges operators of cryptomixers linked to ransomware gangs |
The U.S. Department of Justice indicted three operators of sanctioned Blender.io and Sinbad.io crypto mixer services used by ransomware gangs and North Korean hackers to launder ransoms and stolen cryptocurrency. |
||
|
12.1.25 |
Treasury hackers also breached US foreign investments review office |
Chinese hackers, part of the state-backed Silk Typhoon threat group, have reportedly breached the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments to determine national security risks. |
||
|
12.1.25 |
Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. |
|||
|
12.1.25 |
STIIIZY data breach exposes cannabis buyers’ IDs and purchases |
Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. |
||
|
12.1.25 |
Fake CrowdStrike job offer emails target devs with crypto miners |
CrowdStrike is warning that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner (XMRig). |
||
|
12.1.25 |
Largest US addiction treatment provider notifies patients of data breach |
BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. |
||
|
12.1.25 |
Banshee stealer evades detection using Apple XProtect encryption algo |
A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple's XProtect. |
||
|
12.1.25 |
MirrorFace hackers targeting Japanese govt, politicians since 2019 |
The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a cyber-espionage campaign targeting the country to the Chinese state-backed "MirrorFace" hacking group. |
||
|
12.1.25 |
US Treasury hack linked to Silk Typhoon Chinese state hackers |
Chinese state-backed hackers, tracked as Silk Typhoon, have been linked to the U.S. Office of Foreign Assets Control (OFAC) hack in early December. | ||
|
12.1.25 |
Ivanti zero-day attacks infected devices with custom malware |
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called 'Dryhook' and 'Phasejam' that is not currently associated with any threat group. | ||
|
12.1.25 |
Microsoft fixes bug causing Outlook to freeze when copying text |
Microsoft has fixed a known issue causing the classic Outlook email client to stop responding when copying text with the CTRL+C keyboard shortcut. | ||
|
12.1.25 |
Unpatched critical flaws impact Fancy Product Designer WordPress plugin |
Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. | ||
|
12.1.25 |
Ivanti warns of new Connect Secure flaw used in zero-day attacks |
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. |
||
|
12.1.25 |
Russian ISP confirms Ukrainian hackers "destroyed" its network |
Russian internet service provider Nodex confirmed on Tuesday that its network was "destroyed" in a cyberattack claimed by Ukrainian hacktivists part of the Ukrainian Cyber Alliance |
||
|
12.1.25 |
SonicWall urges admins to patch exploitable SSLVPN bug immediately |
SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is "susceptible to actual exploitation." |
||
|
12.1.25 |
Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens |
Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. |
||
|
12.1.25 |
Over 4,000 backdoors hijacked by registering expired domains |
Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. |
||
|
12.1.25 |
Medical billing firm Medusind discloses breach affecting 360,000 people |
Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. | ||
|
12.1.25 |
Thousands of credit cards stolen in Green Bay Packers store breach |
American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. |
||
|
12.1.25 |
UN aviation agency confirms recruitment database security breach |
The United Nations' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database. |
||
|
12.1.25 |
PowerSchool hack exposes student, teacher data from K-12 districts |
Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. |
||
|
12.1.25 |
Casio says data of 8,500 people exposed in October ransomware attack |
Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. | ||
|
12.1.25 |
New Mirai botnet targets industrial routers with zero-day exploits |
A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. |
||
|
11.1.25 |
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation |
Microsoft has revealed that it's pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to | ||
|
11.1.25 |
DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering |
The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services |
||
|
11.1.25 |
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices |
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code | ||
|
11.1.25 |
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit |
Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. | ||
|
11.1.25 |
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data. |
|||
|
11.1.25 |
Trend Micro leads the way by mapping its Container Security detection capabilities to the MITRE ATT&CK framework for Containers and contributing real-world attack data. |
|||
|
11.1.25 |
Apache Struts Path Traversal to RCE: CVE-2024-53677 |
OverviewThe SonicWall Capture Labs threat research team became aware of an unauthenticated, remote code execution vulnerability in the Apache Struts 2 framework, assessed its impact, and developed mit... |
||
|
11.1.25 |
The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. | |||
|
11.1.25 |
Since September, Check Point Research has been monitoring a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cyber criminals targeting macOS users. |
|||
|
11.1.25 |
Crypto is soaring, but so are threats: Here’s how to keep your wallet safe | |||
|
11.1.25 |
APT groups are increasingly deploying ransomware – and that’s bad news for everyone | |||
|
11.1.25 | ||||
|
11.1.25 |
Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike |
The distinction between nation-state actors and organized cybercriminals is becoming increasingly blurred in our rapidly evolving cyber landscape. Historically, these groups had distinct motivations: nation-states sought to achieve long-term geopolitical advantages through espionage and intelligence operations, while cybercriminals focused on financial gain, exploiting vulnerabilities for extortion, theft, and fraud. |
||
|
11.1.25 |
US govt launches cybersecurity safety label for smart devices |
Today, the White House announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. | ||
|
11.1.25 |
BIOS/UEFI vulnerabilities in the iSeq 100 DNA sequencer from U.S. biotechnology company Illumina could let attackers disable devices used for detecting illnesses and developing vaccines. |
|||
|
11.1.25 |
CISA warns of critical Oracle, Mitel flaws exploited in attacks |
CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. |
||
|
11.1.25 |
Washington state sues T-Mobile over 2021 data breach security failures |
Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. | ||
|
11.1.25 |
UN aviation agency investigating 'potential' security breach |
On Monday, the United Nations' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident." |
||
|
11.1.25 |
Telegram hands over data on thousands of users to US law enforcement |
Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. |
||
|
11.1.25 |
Malicious Browser Extensions are the Next Frontier for Identity Attacks |
A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more about these attacks from LayerX Security and how to receive a free extension audit. |
||
|
11.1.25 |
Green Bay Packers' online store hacked to steal credit cards |
The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers' personal and payment information. | ||
|
11.1.25 |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that the Treasury Department breach disclosed last week did not impact other federal agencies. |
|||
|
11.1.25 |
Vulnerable Moxa devices expose industrial networks to attacks |
Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. | ||
|
11.1.25 |
Chinese hackers also breached Charter and Windstream networks |
More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. |
||
|
11.1.25 |
Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs |
New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. | ||
|
11.1.25 |
Windows 10 users urged to upgrade to avoid "security fiasco" |
Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025. |
||
|
11.1.25 |
Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. |
|||
|
10.1.25 |
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics |
Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has |
||
|
10.1.25 |
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices |
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code | ||
|
10.1.25 |
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns |
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX | ||
|
10.1.25 |
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer |
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as | ||
|
10.1.25 |
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers |
Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an | ||
|
10.1.25 |
New Banshee Stealer Variant Bypasses Antivirus with Apple's XProtect-Inspired Encryption |
Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer . "Once thought |
||
|
10.1.25 |
MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan |
Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named | ||
|
10.1.25 |
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection |
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could |
||
|
10.1.25 |
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure |
Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild |
||
|
10.1.25 |
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them |
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple | ||
|
10.1.25 |
E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws |
The European General Court on Wednesday fined the European Commission, the primary executive arm of the European Union responsible for proposing and | ||
|
10.1.25 |
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections |
Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam | ||
|
10.1.25 |
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques |
Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows | ||
|
10.1.25 |
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks |
A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. | ||
|
10.1.25 |
FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance |
The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer | ||
|
10.1.25 |
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its | ||
|
10.1.25 |
Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers |
Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could |
||
|
7.1.25 |
New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities |
Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The |
||
|
7.1.25 |
CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said there are no indications that the cyber attack targeting the Treasury Department |
||
|
7.1.25 |
Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers |
Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow |
||
|
7.1.25 |
India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements |
The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide |
||
|
7.1.25 |
FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices |
An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data |
||
|
7.1.25 |
Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages |
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool |
||
|
5.1.25 |
Nuclei flaw lets malicious templates bypass signature verification |
A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. | ||
|
5.1.25 |
Google Chrome is making it easier to share specific parts of long PDFs |
Google is adding the Text Fragment feature to its PDF reader to make it easier to share specific parts of long PDFs. |
||
|
5.1.25 |
New FireScam Android data-theft malware poses as Telegram Premium app |
A new Android malware named 'FireScam' is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimick the RuStore, Russia's app market for mobile devices. |
||
|
5.1.25 |
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution |
A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei , a widely-used open-source vulnerability scanner that, if successfully exploited, could |
||
|
4.1.25 |
This blog entry provides an overview of CVE-2024-49112 and CVE-2024-49113 and includes information that IT and SOC professionals need to know to stay protected against possible exploitation. |
|||
|
4.1.25 |
In this edition of AI Pulse, let's look back at top AI trends from 2024 in the rear view so we can more clearly predicts AI trends for 2025 and beyond. | |||
|
4.1.25 | ||||
|
4.1.25 |
This month in security with Tony Anscombe – December 2024 edition | |||
|
4.1.25 |
Chris Hadfield: The sky is falling – what to do about space junk? | Starmus Highlights | |||
|
4.1.25 |
Bad Tenable plugin updates take down Nessus agents worldwide |
Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. |
||
|
4.1.25 |
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps |
Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, |
||
|
4.1.25 |
U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns |
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as |
||
|
3.1.25 |
The U.S. Treasury Department has sanctioned Beijing-based cybersecurity company Integrity Tech (also known as Yongxin Zhicheng) for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. |
|||
|
3.1.25 |
Malicious npm packages target Ethereum developers' private keys |
Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. |
||
|
3.1.25 |
Apple offers $95 million in Siri privacy violation settlement |
Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. |
||
|
3.1.25 |
French govt contractor Atos denies Space Bears ransomware attack claims |
French tech giant Atos, which secures communications for the country's military and secret services, has denied claims made by the Space Bears ransomware gang that they compromised one of its databases. |
||
|
3.1.25 |
Ransomware gang leaks data stolen in Rhode Island's RIBridges Breach |
The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island's "RIBridges" social services platform. |
||
|
3.1.25 |
New DoubleClickjacking attack exploits double-clicks to hijack accounts |
A new variation of clickjacking attacks called "DoubleClickjacking" lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. |
||
|
3.1.25 |
Chinese hackers targeted sanctions office in Treasury attack |
Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs. |
||
|
3.1.25 |
Over 3 million mail servers without encryption exposed to sniffing attacks |
Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. |
||
|
3.1.25 |
New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60% |
Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce |
||
|
3.1.25 |
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers |
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could |
||
|
3.1.25 |
Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption |
Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their |
||
|
3.1.25 |
Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations |
Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri |
||
|
2.1.25 |
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API |
Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, |
||
|
2.1.25 |
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them |
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple |
||
|
2.1.25 |
Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT |
Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in |
||
|
2.1.25 |
Three Russian-German Nationals Charged with Espionage for Russian Secret Service |
German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., |
||
|
1.1.25 |
New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites |
Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and |
||
|
1.1.25 |
Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics |
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. |
||