Google nukes 224 Android malware apps behind massive ad fraud campaign
A massive Android ad fraud operation dubbed "SlopAds" was disrupted after 224 malicious applications on Google Play were used to generate…
Self-propagating supply chain attack hits 187 npm packages
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious…
Jaguar Land Rover extends shutdown after cyberattack by another week
Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that…
Apple backports zero-day patches to older iPhones and iPads
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that…
New FileFix attack uses steganography to drop StealC malware
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing…
Webinar: Your browser is the breach — securing the modern web edge
The web browser has quietly become one of the most critical components of enterprise infrastructure—and one of the most dangerous. On…
Google confirms fraudulent account created in law enforcement portal
Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses…
FinWise insider breach impacts 689K American First Finance customers
FinWise Bank is warning on behalf of corporate customers that it suffered a data breach after a former employee accessed sensitive files after…
New Phoenix attack bypasses Rowhammer defenses in DDR5 memory
Academic researchers have devised a new variant of Rowhammer attacks that bypass the latest protection mechanisms on DDR5 memory chips from SK…
Microsoft: Exchange 2016 and 2019 reach end of support in 30 days
Microsoft has reminded administrators again that Exchange 2016 and Exchange 2019 will reach the end of extended support next month and…
Samsung Fixes Image Parsing Vulnerability Exploited in Android Attacks
Samsung has patched a serious security vulnerability that hackers were already using in live attacks against its Android devices. The issue,…
FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data
The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’…
New VoidProxy phishing service targets Microsoft 365, Google accounts
A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those…
600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet
Hackers leaked 600 GB of data linked to the Great Firewall of China, exposing documents, code, and operations. Full details available on the…
Qrator Labs Mitigated Record L7 DDoS Attack from 5.76M-Device Botnet
In early September, Qrator Labs detected and mitigated one of the most significant L7 DDoS attacks seen this year, carried out by what is now…
'WhiteCobra' floods VSCode market with crypto-stealing extensions
A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio…
New VoidProxy Phishing Service Bypasses MFA on Microsoft and Google Accounts
Okta Threat Intelligence exposes VoidProxy, a new PhaaS platform. Learn how this advanced service uses the Adversary-in-the-Middle technique…
The first three things you’ll want during a cyberattack
The moment a cyberattack strikes, the clock starts ticking. Files lock up, systems stall, phones light up and the pressure skyrockets. Every…
Man gets over 4 years in prison for selling unreleased movies
A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison…
New HybridPetya ransomware can bypass UEFI Secure Boot
A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on…
CISA warns of actively exploited Dassault RCE vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw…
SEO Poisoning Attack Hits Windows Users With Hiddengh0st and Winos Malware
New SEO poisoning campaign exposed! FortiGuard Labs reveals how attackers trick users with fake websites to deliver Hiddengh0st and Winos…
Muck Stealer Malware Used Alongside Phishing in New Attack Waves
A new report from Cofense reveals that cybercriminals are blending phishing and malware, including Muck Stealer, Info Stealer, ConnectWise…
Samsung patches actively exploited zero-day reported by WhatsApp
Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android…
U.S. Senator accuses Microsoft of “gross cybersecurity negligence”
U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for…
Panama Ministry of Economy discloses breach claimed by INC ransomware
Panama's Ministry of Economy and Finance (MEF) has disclosed that one of its computers may have been compromised in a…
Microsoft adds malicious link warnings to Teams private chats
Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as…
Senator Urges FTC Probe Into Microsoft After Ascension Ransomware Attack
US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware attack on Ascension Hospital,…
New Google AppSheet Phishing Scam Deliver Fake Trademark Notices
A phishing scam is exploiting Google’s trusted AppSheet platform to bypass email filters. Learn how hackers are using legitimate tools…
UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data
LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but customers are…
ChillyHell macOS Malware Resurfaces, Using Google.com as a Decoy
A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden, and install…
DDoS defender targeted in 1.5 Bpps denial-of-service attack
A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion…
Hackers left empty-handed after massive NPM supply-chain attack
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but…
Chinese APT Hits Philippine Military Firm with New EggStreme Fileless Malware
Bitdefender uncovers EggStreme, a fileless malware by a China-based APT targeting the Philippine military and APAC organisations.…
New Fileless Malware Attack Uses AsyncRAT for Credential Theft
LevelBlue Labs has published new research on a recent attack that used a fileless loader to deliver AsyncRAT, a well-known Remote Access…
Pixel 10 fights AI fakes with new Android photo verification tech
Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos, to help users distinguish between authentic,…
Cursor AI editor lets repos “autorun” malicious code on devices
A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as…
Jaguar Land Rover confirms data theft after recent cyberattack
Jaguar Land Rover (JLR) confirmed today that attackers also stole “some data” during a recent cyberattack that forced it to…
Can I have a new password, please? The $400M question.
Back in August 2023, attackers tied to the Scattered Spider group didn’t exploit a zero-day vulnerability to
U.S. sanctions cyber scammers who stole billions from Americans
The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10…
Hackers hide behind Tor in exposed Docker API breaches
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation…
Windows 10 KB5065429 update includes 14 changes and fixes
Microsoft has released the KB5065429 cumulative update for Windows 10 22H2 and Windows 10 21H2, with fourteen fixes or changes, including…