How To Get the Most From Your Security Team’s Email Alert Budget
We'll TL;DR the FUDdy introduction: we all know that phishing attacks are on the rise in scale and complexity, that...
News
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions...
Meta Settles for $1.4 Billion with Texas Over Illegal Biometric Data Collection
Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state...
HealthEquity Breach Hits 4.3 Million Customers
US firm HealthEquity has revealed that a data breach earlier this year led to the compromise of personal and financial...
Stolen GenAI Accounts Flood Dark Web With 400 Daily Listings
Cybercriminals have been observed capitalizing on the growing use of Generative AI (GenAI) platforms by selling stolen account credentials on...
Millions of Spoofed Emails Bypass Proofpoint Security in Phishing Campaign
Millions of perfectly spoofed emails have been sent daily as hackers took advantage of a flaw in Proofpoint’s email protection...
Sophisticated Phishing Campaign Targets Microsoft OneDrive Users
Security researchers have uncovered a sophisticated phishing campaign targeting Microsoft OneDrive users. The campaign employs advanced social engineering tactics to...
ICO Slams Electoral Commission for Basic Security Failings
Basic security failings allowed hackers to access the personal details of 40 million British voters held by the UK’s Electoral...
The Power and Peril of RMM Tools
As more people work remotely, IT departments must manage devices distributed over different cities and countries relying on VPNs and...
Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware
Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in Poland during May 2024 that led...
New Mandrake Spyware Found in Google Play Store Apps After Two Years
A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for...
New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries
The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime...
Cyber Threat Intelligence: Illuminating the Deep, Dark Cybercriminal Underground
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each...
OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a...
VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access
A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated...
US Crypto Exchange Gemini Reveals Breach
A US-headquartered cryptocurrency exchange has revealed a supply chain breach which led to the compromise of personal and banking information...
Hotjar, Business Insider Vulnerabilities Expose OAuth Data Risks
Security researchers have unveiled critical vulnerabilities within web analytics provider Hotjar and global news outlet Business Insider. The findings, from Salt...
Mandrake Spyware Infects 32,000 Devices Via Google Play Apps
Security researchers have shed light on a new iteration of Mandrake, a sophisticated Android cyber-espionage malware tool. Initially analyzed by...
Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware
An unknown PowerShell backdoor has been discovered alongside a new variant of the Zloader/SilentNight malware, Walmart’s Cyber Intelligence Team has...
Less Than Half of European Firms Have AI Controls in Place
European businesses have been urged to carefully assess what privacy, security and acceptable usage controls they need to place on...
US-CERT Vulnerability Summary for the Week of July 22, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild
Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited...
Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails
An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email...
‘Stargazer Goblin’ Creates 3,000 Fake GitHub Accounts for Malware Spread
A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service...
