Category: Hacking

November 30, 2023

According to fraud control platform Arkose Labs, a staggering 73 percent of Internet traffic to websites and apps measured between January 2023 and September 2023 was related to bots performing malicious activities like SMS toll fraud, scraping, and card testing. […]

November 17, 2023

Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. […]

November 2, 2023

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. “In both instances, the adversary attempted to deploy ransomware binaries on […]

October 31, 2023

The FTC’s Safeguards Rule mandates that “non-banking” financial institutions must securely manage and store their customers’ information. This requirement applies to organizations such as mortgage brokers, motor vehicle dealers, and payday lenders, necessitating the development, implementation, and maintenance of a […]

October 25, 2023

September saw a record number of ransomware operations, as indicated in a recently released report by NCC Group. The company’s latest “monthly cyber threat intelligence report” focuses on emerging developments in the threat landscape, particularly in the realm of ransomware […]

October 24, 2023

The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. “Investigated network traffic to a compromised device […]

October 16, 2023

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. “The attack involves the use of malicious archive files that exploit the […]

October 12, 2023

Cybersecurity researchers have shed light on a new sophisticated strain of malware that masquerades a WordPress plugin to stealthily create administrator accounts and remotely control a compromised site. “Complete with a professional looking opening comment implying it is a caching […]

October 9, 2023

Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July […]

October 4, 2023

Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through an SQL Server instance. “The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment,” security researchers […]

September 27, 2023

A new malware strain called ZenRAT has emerged in the wild that’s distributed via bogus installation packages of the Bitwarden password manager. “The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web […]

August 15, 2023

Discord.io, a service that allowed users to create custom links for their Discord channels, is closing down following a large data breach. A hacker stole the data of 760,000 users, per TechRadar, and has posted a sample on Breached Forums […]

August 8, 2023

Hacking passwords by recording the sound of your keystrokes is nothing new, but researchers using AI have been able to do this with much more accuracy. Computer scientists from Durham University, University of Surrey, and Royal Holloway University of London, […]

August 4, 2023

Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. Software supply chain firm Phylum, which first identified the “test” packages on July 31, 2023, said they […]

August 2, 2023

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce’s email services, allowing threat actors to craft targeted phishing messages using the company’s domain and infrastructure. “Those phishing campaigns cleverly evade conventional detection methods by chaining […]

August 2, 2023

Researchers at TU Graz and the Helmholtz Center for Information Security have discovered a novel security gap in all common main processors (CPUs) of computers that can hardly be mitigated. CPUs are designed to run multiple applications simultaneously. This is […]

July 31, 2023

Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT. “Among the software in question are various instruments […]

July 19, 2023

Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what’s exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, […]

July 13, 2023

If you practice good digital hygiene, you’re likely installing Windows updates soon after their release date, especially when they’re security-focused. However, hackers are constantly poking and prodding the security of Microsoft’s operating system and devising new ways to bypass any […]

July 11, 2023

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. “Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious […]