New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force
Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication...
News
Android apps with spyware installed 421 million times from Google Play
A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play...
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection
The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity...
WordPress force installs critical Jetpack patch on 5 million sites
Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of...
Barracuda zero-day abused since 2022 to drop new malware, steal data
Image: Bing Image Creator Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been...
RomCom malware spread via Google Ads for ChatGPT, GIMP, more
A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into...
Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable"...
US-CERT Vulnerability Summary for the Week of May 15, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers
Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code...
Implementing Risk-Based Vulnerability Discovery and Remediation
In this day and age, vulnerabilities in software and systems pose a considerable danger to businesses, which is why it...
CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security
Cybersecurity researchers are warning about CAPTCHA-breaking services that are being offered for sale to bypass systems designed to distinguish legitimate...
Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users
A new open source remote access trojan (RAT) called DogeRAT targets Android users primarily located in India as part of...
Lazarus hackers target Windows IIS web servers for initial access
The notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services (IIS)...
Flash loan attack on Jimbos Protocol steals over $7.5 million
Jimbos Protocol, an Arbitrum-based DeFi project, has suffered a flash loan attack that resulted in the loss of more than...
MCNA Dental data breach impacts 8.9 million people after ransomware attack
Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million...
New hacking forum leaks data of 478,000 RaidForums members
A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into...
US-CERT Vulnerability Summary for the Week of May 15, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force
Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication...
AceCryptor: Cybercriminals’ Powerful Weapon, Detected in 240K+ Attacks
A crypter (alternatively spelled cryptor) malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016. Slovak...
3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them
If you're a cybersecurity professional, you're likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP,...
New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. "Initially, the attacker...
Don’t Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims
A new phishing technique called "file archiver in the browser" can be leveraged to "emulate" a file archiver software in...
PyPI Implements Mandatory Two-Factor Authentication for Project Owners
The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software...
Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains
A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer...
