Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.
A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim...
News
Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers
An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve...
X (Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation
X, the social media site formerly known as Twitter, has updated its privacy policy to collect users' biometric data to...
Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus
Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into...
University of Sydney data breach impacts recent applicants
The University of Sydney (USYD) announced that a breach at a third-party service provider exposed personal information of recently applied...
Children’s snack recalled after its website caught serving porn
Supermarket chain Lidl has been recalling four types of PAW Patrol-themed snacks across the UK. Except, the reason for the...
PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations...
US-CERT Vulnerability Summary for the Week of August 21, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoqemu -- qemuThe hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model...
Chrome extensions can steal plaintext passwords from websites
A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can...
Fake YouPorn extortion scam threatens to leak your sex tape
A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning...
US-CERT Vulnerability Summary for the Week of August 21, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoqemu -- qemuThe hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model...
Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges
Identity services provider Okta on Friday warned of social engineering attacks orchestrated by threat actors to obtain elevated administrator permissions....
Free Key Group ransomware decryptor helps victims recover data
Researchers took advantage of a weakness in the encryption scheme of Key Group ransomware and developed a decryption tool that...
Classiscam fraud-as-a-service expands, now targets banks and 251 brands
Image: Midjourney The "Classiscam" scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more...
LogicMonitor customers hacked in reported ransomware attacks
Network monitoring company LogicMonitor confirmed today that some users of its SaaS platform have fallen victim to cyberattacks. The company...
GRU hackers attack Ukrainian military with new Android malware
Image: Midjourney Hackers working for the Main Directorate of the General Staff of the Armed Forces of the Russian Federation,...
Sourcegraph website breached using leaked admin access token
AI-powered coding platform Sourcegraph revealed that its website was breached this week using a site-admin access token accidentally leaked online...
Exploit released for critical VMware SSH auth bypass vulnerability
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis...
Forever 21 data breach: hackers accessed info of 500,000
Forever 21 clothing and accessories retailer is sending data breach notifications to more than half a million individuals who had...
Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks
North Korean state-sponsored hackers have uploaded malicious packages to the PyPI (Python Package Index) repository, camouflaging one of them as...
Golf gear giant Callaway data breach exposes info of 1.1 million
Topgolf Callaway (Callaway) suffered a data breach at the start of August, which exposed the sensitive personal and account data...
Russian APT Intensifies Cyber Espionage Activities Amid Ukrainian Counter-Offensive
Russian APT group Gamaredon has intensified its cyber espionage activities ahead of and during Ukraine’s counter-offensive operations, according to a...
Classiscam Spreads: $64.5M Scheme Targets 79 Countries
The Classiscam scam-as-a-service operation has grown into a $64.5 million worldwide threat, infiltrating 79 countries, according to cybersecurity experts at...
GRU Blamed for Infamous Chisel Malware Targeting Ukraine’s Military Phones
The UK and its Five Eyes partners (Australia, Canada, New Zealand and the US) officially support Ukraine’s attribution of Infamous...
