Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software
Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that...
News
Researchers Hijack Popular NPM Package with Millions of Downloads
A popular npm package with more than 3.5 million weekly downloads has been found vulnerable to an account takeover attack....
Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries
The prolific SideWinder group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan,...
City of Oakland declares state of emergency after ransomware attack
Oakland has declared a local state of emergency because of the impact of a ransomware attack that forced the City...
Emsisoft says hackers are spoofing its certs to breach networks
A hacker is using fake code-signing certificates impersonating cybersecurity firm Emsisoft to target customers using its security products, hoping to...
My Password Manager was Hacked! How to Prevent a Catastrophe
The LastPass security breach in late 2022 sent a shockwave through the security community. Password managers are typically seen as...
Hyundai, Kia patch bug allowing car thefts with a USB cable
Automakers Hyundai and KIA are rolling out an emergency software update on several of their car models impacted by an...
GitHub Copilot update stops AI model from revealing secrets
GitHub has updated the AI model of Copilot, a programming assistant that generates real-time source code and function recommendations in...
Hackers start using Havoc post-exploitation framework in attacks
Security researchers are seeing threat actors switching to a new and open-source command and control (C2) framework known as Havoc...
Citrix fixes severe flaws in Workspace, Virtual Apps and Desktops
Citrix Systems has released security updates for vulnerabilities in its Virtual Apps and Desktops, and Workspace Apps products. The addressed...
Russian hacker convicted of $90 million hack-to-trade charges
Russian national Vladislav Klyushin was found guilty of participating in a global scheme that involved hacking into U.S. computer networks...
North Korea’s APT37 Targeting Southern Counterpart with New M2RAT Malware
The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in...
Webinar — A MythBusting Special: 9 Myths about File-based Threats
Bad actors love to deliver threats in files. Persistent and persuasive messages convince unsuspecting victims to accept and open files...
Financially Motivated Threat Actor Strikes with New Ransomware and Clipper Malware
A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a...
Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps
In an ideal world, security and development teams would be working together in perfect harmony. But we live in a...
Experts Warn of ‘Beep’ – A New Evasive Malware That Can Fly Under the Radar
Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and...
Devs targeted by W4SP Stealer malware in malicious PyPi packages
Five malicious packages were found on the Python Package Index (PyPI), stealing passwords, Discord authentication cookies, and cryptocurrency wallets from...
Microsoft WinGet package manager failing from expired SSL certificate
Microsoft's WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN's SSL/TLS certificate expired. Released in May...
The Week in Ransomware – February 10th 2023 – Clop’s Back
From ongoing attacks targeting ESXi servers to sanctions on Conti/TrickBot members, it has been quite a busy week regarding ransomware....
NameCheap’s email hacked to send Metamask, DHL phishing emails
Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that...
Lazarus hackers use new mixer to hide $100 million in stolen crypto
North Korean hackers have found a way around U.S.-imposed sanctions to launder the cryptocurrency proceeds from their heists, according to...
FTC: $1.3 billion lost by 70,000 Americans to romance scams last year
The U.S. Federal Trade Commission (FTC) says Americans once again reported record losses of $1.3 billion to romance scams in...
Spain, U.S. dismantle phishing gang that stole $5 million in a year
Spain's National Police and the U.S. Secret Service have dismantled a Madrid-based international cybercrime ring comprised of nine members who...
Pepsi Bottling Ventures suffers data breach after malware attack
Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing...
