WinRAR SFX archives can run PowerShell without being detected
Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without...
cybersecurity
New Money Message ransomware demands million dollar ransoms
A new ransomware gang named 'Money Message' has appeared, targeting victims worldwide and demanding million-dollar ransoms not to leak data...
Fake ransomware gang targets U.S. orgs with empty data leak threats
Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data...
DISH slapped with multiple lawsuits after ransomware cyber attack
Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day...
Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs
Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites....
15 million public-facing services vulnerable to CISA KEV flaws
Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV...
Consumer lender TMX discloses data breach impacting 4.8 million people
TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data...
Bing search results hijacked via misconfigured Microsoft app
A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS...
New AlienFox toolkit steals credentials for 18 cloud services
A new modular toolkit called ‘AlienFox’ allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials...
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails
A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since...
Realtek and Cacti flaws now actively exploited by malware botnets
Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot...
CISA orders agencies to patch bugs exploited to drop spyware
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies today to patch security vulnerabilities exploited as zero-days in...
Ukrainian cyberpolice busts fraud gang that stole $4.3 million
Ukraine's cyberpolice has arrested members of a fraud gang that stole roughly $4,300,000 from over a thousand victims across the...
Microsoft OneNote will block 120 dangerous file extensions
Microsoft has shared more information on what malicious embedded files OneNote will soon block to defend users against ongoing phishing...
Google finds more Android, iOS zero-days used to install spyware
Google's Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install...
QNAP warns customers to patch Linux Sudo flaw in NAS devices
Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation...
Hackers compromise 3CX desktop app in a supply chain attack
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used...
Latitude Financial data breach now impacts 14 million customers
Australian loan giant Latitude Financial Services (Latitude) is warning customers that its data breach is much more significant than initially...
Trojanized Tor browsers target Russians with crypto-stealing malware
A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency...
Crown Resorts confirms ransom demand after GoAnywhere breach
Crown Resorts, Australia's largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure...
Newly exposed APT43 hacking group targeting US orgs since 2018
A new North Korean hacking group has been revealed to be targeting government organizations, academics, and think tanks in the...
The End-User Password Mistakes Putting Your Organization at Risk
Businesses rely on their end-users, but those same users often don't follow the best security practices. Without the right password...
WiFi protocol flaw allows attackers to hijack network traffic
Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to...
New MacStealer macOS malware steals passwords from iCloud Keychain
A new info-stealing malware named MacStealer is targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers,...
