Exploit available for critical bug in VM2 JavaScript sandbox library
Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that...
News
Massive Balada Injector campaign attacking WordPress sites since 2017
An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered...
US-CERT Vulnerability Summary for the Week of March 27, 2023
High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info grinnellplans -- grinnellplans A vulnerability...
Researchers Uncover Thriving Phishing Kit Market on Telegram Channels
In yet another sign that Telegram is increasingly becoming a thriving hub for cybercrime, researchers have found that threat actors...
CISA Warns of Critical ICS Flaws in Hitachi, mySCADA, ICL, and Nexx Products
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published eight Industrial Control Systems (ICS) advisories warning of critical flaws...
Are Source Code Leaks the New Threat Software vendors Should Care About?
Less than a month ago, Twitter indirectly acknowledged that some of its source code had been leaked on the code-sharing...
FBI Cracks Down on Genesis Market: 119 Arrested in Cybercrime Operation
A joint international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of...
Microsoft Takes Legal Action to Disrupt Cybercriminals’ Illegal Use of Cobalt Strike Tool
Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of...
Telegram now the go-to place for selling phishing tools and services
Telegram has become the working ground for the creators of phishing bots and kits looking to market their products to...
Medusa ransomware claims attack on Open University of Cyprus
The Medusa ransomware gang has claimed a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of...
Hackers use Rilide browser extension to bypass 2FA, steal crypto
Security researchers discovered a new malicious browser extension called Rilide, that targets Chromium-based products like Google Chrome, Brave, Opera, and...
UK criminal records office confirms cyber incident behind portal issues
The UK's Criminal Records Office (ACRO) has finally confirmed, after weeks of delaying issuing a statement, that online portal issues...
Money Message ransomware gang claims MSI breach, demands $4 million
Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known...
Microsoft and Fortra crack down on malicious Cobalt Strike servers
Microsoft, Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have announced a broad legal crackdown against servers hosting...
US-CERT Vulnerability Summary for the Week of March 27, 2023
High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info grinnellplans -- grinnellplans A vulnerability...
Sorting Through Haystacks to Find CTI Needles
Clouded vision# CTI systems are confronted with some major issues ranging from the size of the collection networks to their...
FBI Cracks Down on Genesis Market: 119 Arrested in Cybercrime Crackdown
A coordinated international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of...
Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation’s Crown Jewels
Critical infrastructure attacks are a preferred target for cyber criminals. Here's why and what's being done to protect them. What...
Typhon info-stealing malware devs upgrade evasion capabilities
The developers of the Typhon info-stealer announced on a dark web forum that they have updated the malware to a...
New dark web market STYX focuses on financial fraud services
A new dark web marketplace called STYX launched earlier this year and appears to be on its way to becoming a...
Spain’s most dangerous and elusive hacker now in police custody
The police in Spain have arrested José Luis Huertas (aka "Alcaseca", "Mango", “chimichuri”), a 19-year-old regarded as the most dangerous...
Hackers can open Nexx garage doors remotely, and there’s no fix
Multiple vulnerabilities discovered Nexx smart devices can be exploited to control garage doors, disable home alarms, or smart plugs. There are...
Biometric Authentication Isn’t Bulletproof —Here’s How to Secure It
Biometric authentication is often thought of as nearly impossible to steal or fake, a perfect addition to your cybersecurity arsenal....
Sorting Through Haystacks to Find CTI Needles
Clouded vision# CTI systems are confronted with some major issues ranging from the size of the collection networks to their...
