China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware
A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests...
News
Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from...
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP!
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including...
LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks
Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings come...
Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach
Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email...
New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits
A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads...
Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack...
Hpe Russian Hackers Breached Its Security Teams Email Accounts
Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft...
Global Fintech Firm Equilend Offline After Recent Cyberattack
New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in...
Over 5 300 Gitlab Servers Exposed To Zero Click Account Takeover Attacks
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month....
Tesla Hacked 24 Zero Days Demoed At Pwn2own Automotive 2024
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for...
How To Secure Ad Passwords Without Sacrificing End User Experience
Hackers are constantly attempting to steal passwords, with Microsoft tracking 1,287 password attacks every second in 2022. If successful, the...
Vextrio Tds Inside A Massive 70 000 Domain Cybercrime Operation
A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in...
Uk Says Ai Will Empower Ransomware Over The Next Two Years
The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact...
Exploit Code Released For Critical Fortra GoAnywhere Bug
Threat actors could soon strike after a proof-of-concept exploit was published for a critical vulnerability in managed file transfer (MFT)...
AI Set to Supercharge Ransomware Threat, Says NCSC
Malicious AI use will “almost certainly” drive an increase in the volume and impact of cyber-attacks over the next two...
X Makes Passkeys Available for US-Based Users
Social media giant X (formerly Twitter) has made passkeys available as a login option for US-based users on iOS.A post...
Browser Phishing Threats Grew 198% Last Year
Security researchers have observed a 198% increase in browser-based phishing attacks during the latter half of 2023 compared to the...
Why Bulletproof Hosting is Key to Cybercrime-as-a-Service
The emergence of cybercrime-as-a-service (RaaS) has lowered the entry barrier into cybercrime by allowing cybercriminals to specialize in only one...
ChatGPT Cybercrime Surge Revealed in 3000 Dark Web Posts
Security researchers have observed a notable surge in dark web discussions regarding the illicit use of ChatGPT and other Large...
Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters
Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with...
What is Nudge Security and How Does it Work?
In today's highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and...
Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack...
Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to...
