Stealthy npm Malware Exposes Developer Data
A stealthy malware has been discovered on npm, the popular package manager for JavaScript, that poses a severe threat by...
News
Sophisticated Phishing Exploits Zero-Day Salesforce Vulnerability
A sophisticated email phishing campaign has been discovered by security researchers, exploiting a zero-day vulnerability in Salesforce’s email services and...
US-CERT Vulnerability Summary for the Week of July 24, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infobiltay_technology -- scienta Improper Neutralization of Special Elements used in an SQL...
NYC Couple Pleads Guilty to Money Laundering in $3.6 Billion Bitfinex Hack
A married couple from New York City has pleaded guilty to money laundering charges in connection with the 2016 hack...
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate...
Webinar – Making PAM Great Again: Solving the Top 5 Identity Team PAM Challenges
Privileged Access Management (PAM) solutions are widely acknowledged as the gold standard for securing critical privileged accounts. However, many security...
Major Cybersecurity Agencies Collaborate to Unveil 2022’s Most Exploited Vulnerabilities
A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited...
Chrome malware Rilide targets enterprise users via PowerPoint guides
The malicious Rilide Stealer Chrome browser extension has returned in new campaigns targeting crypto users and enterprise employees to steal...
FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022
In collaboration with CISA, the NSA, and the FBI, Five Eyes cybersecurity authorities have issued today a list of the...
US govt contractor Serco discloses data breach after MoveIT attacks
Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the...
New Microsoft Azure AD CTS feature can be abused for lateral movement
Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface...
Hacktivists fund their operations using common cybercrime tactics
Hacktivist groups that operate for political or ideological motives employ a broad range of funding methods to support their operations....
Brave Search adds private image and video search capability
The privacy-focused search engine Brave Search has finally introduced its own, independent image and video search capabilities, breaking free from...
Hackers can abuse Microsoft Office executables to download malware
The list of LOLBAS files - legitimate binaries and scripts present in Windows that can be abused for malicious purposes,...
Manufacturing Sector Reeling From Financial Costs of Ransomware
The enormous global costs of ransomware attacks on the manufacturing sector have been laid bare in a new analysis by...
Ivanti Discloses Yet Another Critical Flaw
Security vendor Ivanti has disclosed yet another critical vulnerability in its products, linked to a previous zero-day that was exploited...
Menlo Leverages Advanced Technology to Combat Surging Browser Threats
With the deployment of software-as-a-service tools, like Workday and Salesforce to name a few, workers are now spending more time...
Cocaine Smugglers that Posed as PC Sellers Jailed
Several members of an organized crime group (OGC) have been sentenced after police secretly monitored tens of thousands of messages...
Hundreds of Citrix Endpoints Compromised With Webshells
Around 600 global Citrix servers have been compromised by a zero-day exploit enabling webshells to be installed, according to a non-profit...
Humans Unable to Reliably Detect Deepfake Speech
Humans cannot detect deepfake speech 27% the time, researchers from University College London (UCL) have found during a recent study.The...
Microsoft Teams Targeted in Midnight Blizzard Phishing Attacks
Microsoft Threat Intelligence has recently detected a series of highly targeted social engineering attacks employing credential theft phishing lures delivered...
Hacktivist Collective “Mysterious Team Bangladesh” Revealed
Threat intelligence experts from Group-IB have shed light on the hacktivist collective known as Mysterious Team Bangladesh.In a report published...
Cisco Talos Discusses Flaws in SOHO Routers Post-VPNFilter
Cisco Talos has published a list of numerous vulnerabilities in small and home office (SOHO) and industrial wireless routers.In their...
Cyber-Attacks Targeting Government Agencies Increase 40%
Cyber-attacks against government agencies and public sector services are up 40% in the second quarter of 2023 compared to the...
