Sourcegraph website breached using leaked admin access token
AI-powered coding platform Sourcegraph revealed that its website was breached this week using a site-admin access token accidentally leaked online...
cybersecurity
Exploit released for critical VMware SSH auth bypass vulnerability
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis...
Forever 21 data breach: hackers accessed info of 500,000
Forever 21 clothing and accessories retailer is sending data breach notifications to more than half a million individuals who had...
Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks
North Korean state-sponsored hackers have uploaded malicious packages to the PyPI (Python Package Index) repository, camouflaging one of them as...
Open-Source Malware SapphireStealer Expands
SapphireStealer, an open-source information stealer, has emerged as a growing threat since its public debut last year. This malware is...
Smishing Triad: China-Based Fraud Network Exposed
A Chinese-speaking cyber-criminal group named “Smishing Triad” has been observed conducting a large-scale smishing campaign targeting US citizens.This campaign has skillfully...
Sophisticated Cyber-Espionage Group Earth Estries Exposed
A sophisticated cyber-espionage group named “Earth Estries” has been exposed by cybersecurity firm Trend Micro. Operating since at least 2020, the group...
Paramount discloses data breach following security incident
American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally...
WordPress migration add-on flaw could lead to data breaches
All-in-One WP Migration, a popular data migration plugin for WordPress sites with 5 million active installations, suffers from unauthenticated access...
Trojanized Signal and Telegram apps on Google Play delivered spyware
Image: Midjourney Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store...
Hacking campaign bruteforces Cisco VPNs to breach networks
Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of...
VMware Aria vulnerable to critical SSH authentication bypass flaw
VMware Aria Operations for Networks (formerly vRealize Network Insight) is vulnerable to a critical severity authentication bypass flaw that could...
Hackers exploit critical Juniper RCE bug chain after PoC release
Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration...
University of Michigan shuts down network after cyberattack
The University of Michigan has taken all of its systems and services offline to deal with a cybersecurity incident, causing...
US govt email servers hacked in Barracuda zero-day attacks
Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security...
Genshin Impact dev will sue Kaveh Hacks users and developers
Genshin Impact developer miHoYohas responded to an in-game hacking situation that has caused problems recently in its player community, warning...
How the FBI nuked Qakbot malware from infected Windows PCs
The FBI announced today the disruption of the Qakbot botnet in an international law enforcement operation that not only seized...
New Android MMRat malware uses Protobuf protocol to steal your data
A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from...
Microsoft adds HSTS support to Exchange Server 2016 and 2019
Microsoft announced today that Exchange Server 2016 and 2019 now come with support for HTTP Strict Transport Security (also known...
DreamBus malware exploits RocketMQ flaw to infect servers
Image: Midjourney A new version of the DreamBus botnet malware exploits a critical-severity remote code execution vulnerability in RocketMQ servers...
Qakbot botnet dismantled after infecting over 700,000 computers
Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded...
Four in Five Cyber-Attacks Powered by Just Three Malware Loaders
Cybersecurity provider ReliaQuest observed that cyber-criminals used seven different malware loaders to deploy their intrusion campaigns in the first half...
Report Reveals Growing Disparity in Cyber Insurance Landscape
Delinea’s 2023 State of Cyber Insurance Report has revealed a growing disconnect between carriers and enterprises seeking robust coverage. Insights...
LockBit 3.0 Ransomware Variants Surge Post Builder Leak
The leak of the LockBit 3.0 ransomware builder has triggered a surge in personalized variants, impacting various organizations. Writing in an...
