Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware
Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024...
News
Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker...
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in...
CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited...
Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information
Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible...
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals...
SUSE Linux Kernel Multiple Vulnerabilities
Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial...
RedHat Linux Kernel Multiple Vulnerabilities
Multiple vulnerabilities were identified in RedHat Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
US-CERT Vulnerability Summary for the Week of August 12, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia
A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT...
Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks...
Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor...
Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks
Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a...
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of...
Google to Remove App that Made Google Pixel Devices Vulnerable to Attacks
A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used...
OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda
OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence...
Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain...
Florida-Based National Public Data Confirms Data Breach
National Public Data, a US background check company, suffered a data breach in April 2024 that could have exposed sensitive...
Geopolitical Tensions Drive Explosion in DDoS Attacks
Web distributed denial of service (DDoS) attacks rose by 265% in the first half of 2024 compared to H2 2023,...
Microsoft Mandates MFA for All Azure Sign-Ins
Microsoft has announced it is mandating multi-factor authentication (MFA) for all Azure sign-ins.Customers can select from multiple MFA options through...
Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain...
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware
Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot...
Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web
A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and...
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics
Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. "ValleyRAT is a multi-stage malware...
