Massive Balada Injector campaign attacking WordPress sites since 2017
An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered...
cybersecurity
MSI confirms security breach following ransomware attack claims
Following reports of a ransomware attack, Taiwanese PC vendor MSI (short for Micro-Star International) confirmed today that its network was...
Telegram now the go-to place for selling phishing tools and services
Telegram has become the working ground for the creators of phishing bots and kits looking to market their products to...
Medusa ransomware claims attack on Open University of Cyprus
The Medusa ransomware gang has claimed a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of...
Hackers use Rilide browser extension to bypass 2FA, steal crypto
Security researchers discovered a new malicious browser extension called Rilide, that targets Chromium-based products like Google Chrome, Brave, Opera, and...
UK criminal records office confirms cyber incident behind portal issues
The UK's Criminal Records Office (ACRO) has finally confirmed, after weeks of delaying issuing a statement, that online portal issues...
Money Message ransomware gang claims MSI breach, demands $4 million
Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known...
Microsoft and Fortra crack down on malicious Cobalt Strike servers
Microsoft, Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have announced a broad legal crackdown against servers hosting...
Typhon info-stealing malware devs upgrade evasion capabilities
The developers of the Typhon info-stealer announced on a dark web forum that they have updated the malware to a...
New dark web market STYX focuses on financial fraud services
A new dark web marketplace called STYX launched earlier this year and appears to be on its way to becoming a...
Spain’s most dangerous and elusive hacker now in police custody
The police in Spain have arrested José Luis Huertas (aka "Alcaseca", "Mango", “chimichuri”), a 19-year-old regarded as the most dangerous...
Hackers can open Nexx garage doors remotely, and there’s no fix
Multiple vulnerabilities discovered Nexx smart devices can be exploited to control garage doors, disable home alarms, or smart plugs. There are...
Biometric Authentication Isn’t Bulletproof —Here’s How to Secure It
Biometric authentication is often thought of as nearly impossible to steal or fake, a perfect addition to your cybersecurity arsenal....
FBI seizes stolen credentials market Genesis in Operation Cookie Monster
The domains for Genesis Market, one of the most popular marketplaces for stolen credentials of all types, were seized by...
HP to patch critical bug in LaserJet printers within 90 days
HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity...
IRS-authorized eFile.com tax return software caught serving JS malware
eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript...
ALPHV ransomware exploits Veritas Backup Exec bugs for initial access
An ALPHV/BlackCat ransomware affiliate was observed exploiting three vulnerabilities impacting the Veritas Backup product for initial access to the target network. The...
New Rorschach ransomware is the fastest encryptor seen so far
Following a cyberattack on a U.S.-based company, malware researchers discovered what appears to be a new ransomware strain with "technically unique features,"...
Western Digital discloses network breach, My Cloud service down
Western Digital announced today that its network has been breached and an unauthorized party gained access to multiple company systems....
Capita cyberattack disrupted access to its Microsoft Office 365 apps
British outsourcing services provider Capita announced today that a cyberattack on Friday prevented access to its internal Microsoft Office 365 applications. London-based...
Cryptocurrency companies backdoored in 3CX supply chain attack
Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware,...
WinRAR SFX archives can run PowerShell without being detected
Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without...
US seizes $112 million from cryptocurrency investment scammers
Today, the U.S. Department of Justice seized six virtual currency accounts containing over $112 million in funds stolen in cryptocurrency...
CISA warns of Zimbra bug exploited in attacks against NATO countries
The Cybersecurity and Infrastructure Security Agency (CISA) warned federal agencies to patch a Zimbra Collaboration (ZCS) cross-site scripting flaw exploited...
