SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny
The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer,…
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking…
CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware…
UK Police Arrest Two Teens Over Kido Nursery Ransomware Attack
The UK Metropolitan Police (Met) have arrested two 17-year-old boys in connection with the major ransomware attack that compromised the data…
Scattered LAPSUS$ Hunters Claim Salesforce Breach, 1B Records, 39 Firms Listed
A new leak site has gone live, operated by the notorious group calling itself “Scattered Lapsus$ Hunters,” (a coalition that…
Cl0p-Linked Gang Attempts to Extort Oracle E-Business Customers
Cybersecurity experts are on high alert as a group claiming ties to the infamous Cl0p ransomware gang is bombarding companies with emails that…
Renault UK Customer Records Stolen in Third-Party Breach
Renault UK is informing customers that their personal data may have been compromised following a cyberattack on one of its third-party service…
Malicious ZIP Files Use Windows Shortcuts to Drop Malware
A new wave of phishing attacks has been detected by the cybersecurity research firm, Blackpoint Cyber, that is exploiting users’ trust…
WestJet Confirms Passenger IDs and Passports Stolen in Cyberattack
WestJet, a leading Canadian airline based in Calgary, has confirmed that a cybersecurity attack exposed personal information belonging to some…
Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks
A new trend lately observed in the world of cybercrime is the demand for user-friendly, plug-and-play tools that make it easier for people…
Detour Dog’s DNS Hijacking Infects 30,000 Websites with Strela Stealer
New research from Infoblox Threat Intel has revealed that an established, persistent group of cybercriminals, Detour Dog, has been silently…
Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years
Researchers at Palo Alto Networks say a Chinese-linked cyberespionage group has been targeting foreign ministries, embassies, and…
Vietnamese Hackers Use Fake Copyright Notices to Spread Lone None Stealer
A Vietnamese hacking group known as Lone None is running an online scam campaign that has been active since at least November 2024. The…
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware
A group of hackers with links to China has been caught running a long-term spying operation against US companies. Cybersecurity researchers at…
PSF Warns of Fake PyPI Login Site Stealing User Credentials
The Python Software Foundation (PSF) is warning developers about a fresh phishing campaign that targets users of the Python Package Index…
Two UK Teenagers Charged Over TfL Hack Linked to Scattered Spider
The cyberattack that disrupted Transport for London (TFL) websites and services in September 2024 has led to charges against two teenagers…
Fake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer
A new phishing campaign is targeting developers and influencers in the crypto industry with fake interview requests that impersonate a popular…
Vane Viper Malvertising Network Posed as Legit Adtech in Global Scams
Cybersecurity firm Infoblox says it has discovered “Vane Viper,” a massive online ad network that posed as a legitimate business…
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages…
Samsung Fixes Image Parsing Vulnerability Exploited in Android Attacks
Samsung has patched a serious security vulnerability that hackers were already using in live attacks against its Android devices. The issue,…
Qrator Labs Mitigated Record L7 DDoS Attack from 5.76M-Device Botnet
In early September, Qrator Labs detected and mitigated one of the most significant L7 DDoS attacks seen this year, carried out by what is now…
New VoidProxy Phishing Service Bypasses MFA on Microsoft and Google Accounts
Okta Threat Intelligence exposes VoidProxy, a new PhaaS platform. Learn how this advanced service uses the Adversary-in-the-Middle technique…
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two…
SEO Poisoning Attack Hits Windows Users With Hiddengh0st and Winos Malware
New SEO poisoning campaign exposed! FortiGuard Labs reveals how attackers trick users with fake websites to deliver Hiddengh0st and Winos…
Muck Stealer Malware Used Alongside Phishing in New Attack Waves
A new report from Cofense reveals that cybercriminals are blending phishing and malware, including Muck Stealer, Info Stealer, ConnectWise…
Senator Urges FTC Probe Into Microsoft After Ascension Ransomware Attack
US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware attack on Ascension Hospital,…
UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data
LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but customers are…
Chinese APT Hits Philippine Military Firm with New EggStreme Fileless Malware
Bitdefender uncovers EggStreme, a fileless malware by a China-based APT targeting the Philippine military and APAC organisations.…
New Fileless Malware Attack Uses AsyncRAT for Credential Theft
LevelBlue Labs has published new research on a recent attack that used a fileless loader to deliver AsyncRAT, a well-known Remote Access…
Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices
Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting…
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot…
Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing
The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating…
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access…