Smishing Triad: China-Based Fraud Network Exposed
A Chinese-speaking cyber-criminal group named “Smishing Triad” has been observed conducting a large-scale smishing campaign targeting US citizens.This campaign has skillfully...
News
Sophisticated Cyber-Espionage Group Earth Estries Exposed
A sophisticated cyber-espionage group named “Earth Estries” has been exposed by cybersecurity firm Trend Micro. Operating since at least 2020, the group...
Adobe ColdFusion Critical Vulnerabilities Exploited Despite Patches
Fortinet has observed significant threat exploitation targeting Adobe ColdFusion, a web development computing platform.This is despite a series of security...
Open-Source Malware SapphireStealer Expands
SapphireStealer, an open-source information stealer, has emerged as a growing threat since its public debut last year. This malware is...
US-CERT Vulnerability Summary for the Week of August 21, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoqemu -- qemuThe hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model...
Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware
Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called...
New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel...
It’s a Zero-day? It’s Malware? No! It’s Username and Password
As cyber threats continue to evolve, adversaries are deploying a range of tools to breach security defenses and compromise sensitive...
Russian State-Backed ‘Infamous Chisel’ Android Malware Targets Ukrainian Military
Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a...
Classiscam Scam-as-a-Service Raked $64.5 Million During the COVID-19 Pandemic
The Classiscam scam-as-a-service program has reaped the criminal actors $64.5 million in illicit earnings since its emergence in 2019. "Classiscam...
North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository
Three additional rogue Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious...
SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations
An open-source .NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn...
US-CERT Vulnerability Summary for the Week of August 21, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoqemu -- qemuThe hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model...
Numbers Don’t Lie: Exposing the Harsh Truths of Cyberattacks in New Report
How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat...
Earth Estries’ Espionage Campaign Targets Governments and Tech Titans Across Continents
A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology...
WordPress migration add-on flaw could lead to data breaches
All-in-One WP Migration, a popular data migration plugin for WordPress sites with 5 million active installations, suffers from unauthenticated access...
Trojanized Signal and Telegram apps on Google Play delivered spyware
Image: Midjourney Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store...
Hacking campaign bruteforces Cisco VPNs to breach networks
Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of...
VMware Aria vulnerable to critical SSH authentication bypass flaw
VMware Aria Operations for Networks (formerly vRealize Network Insight) is vulnerable to a critical severity authentication bypass flaw that could...
Paramount discloses data breach following security incident
American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally...
NCSC Issues Cyber Warning Over AI Chatbots
Organizations have been warned about the cyber risks of large language models (LLMs), including OpenAI’s ChatGPT, by the UK’s National...
OpenAI Promises Enterprise-Grade Security with ChatGPT for Business
The creators of ChatGPT, OpenAI, have launched ChatGPT Enterprise which it claims to be the “most powerful version of ChatGPT...
Chinese APT Group GREF Use BadBazaar in Android Espionage
ESET researchers have exposed a sophisticated espionage tool named BadBazaar, which targets Android users through malicious versions of popular communication...
Flaw Exposes WP Migration Plugin to Hacks
A new security flaw has been discovered in the widely used All-in-One WP Migration Extensions plugin, potentially leaving millions of...
