US-CERT Vulnerability Summary for the Week of April 24, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
News
New Android Malware ‘FluHorse’ Targeting East Asian Markets with Deceptive Tactics
Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented...
N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as...
Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised
PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack...
Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts
Third-party apps such as Google Analytics, Meta Pixel, HotJar, and JQuery have become critical tools for businesses to optimize their...
Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN
Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject...
Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model
Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by...
Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads
A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads...
How To Create Seamless Digital Experiences For Web And Mobile
Before the online market picked up, companies and small retailers always prioritized the customer experience in their stores. The more...
Ransomware gang hijacks university alert system to issue threats
The Avos ransomware gang hijacked Bluefield University's emergency broadcast system, "RamAlert," to send students and staff SMS texts and email...
Kimsuky hackers use new recon tool to find security gaps
The North Korean Kimsuky hacking group has been observed employing a new version of its reconnaissance malware, now called 'ReconShark,'...
Get 50% off Malwarebytes Premium + Privacy in this limited-time deal
If you are concerned about the security and privacy of your online activities, this new 50% off Malwarebytes deal can bring you...
New Fleckpe Android malware installed 600K times on Google Play
A new Android subscription malware named 'Fleckpe' has been spotted on Google Play, the official Android app store, disguised as...
Cisco phone adapters vulnerable to RCE attacks, no fix available
Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote...
US-CERT Vulnerability Summary for the Week of April 24, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection
Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that...
Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service
Three new security flaws have been disclosed in Microsoft Azure API Management service that could be abused by malicious actors...
Why the Things You Don’t Know about the Dark Web May Be Your Biggest Cybersecurity Threat
IT and cybersecurity teams are so inundated with security notifications and alerts within their own systems, it's difficult to monitor...
Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts
Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that...
Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia
Three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South...
Brightline data breach impacts 783K pediatric mental health patients
Pediatric mental health provider Brightline is warning patients that it suffered a data breach impacting 783,606 people after a ransomware...
Google adds passkeys support for passwordless sign-in on all accounts
Google is rolling out support for passkeys for Google Accounts across all services and platforms, allowing users to sign into...
Researcher hijacks popular Packagist PHP packages to get a job
A researcher hijacked over a dozen Packagist packages—with some having been installed hundreds of millions of times over the course...
Russian hackers use WinRAR to wipe Ukraine state agency’s data
The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to...
