The MOVEit hack and what it taught us about application security
When a cyberattack like the 2023 MOVEit hack makes global news headlines, attention often focuses on the names of the...
cybersecurity
US charges founders of Tornado Cash mixer used by Lazarus hackers
The U.S. Justice Department charged two Tornado Cash founders with helping criminals, including the notorious North Korean Lazarus hacking group,...
Kali Linux 2023.3 released with 9 new tools, internal changes
Kali Linux 2023.3, the third version of 2023, is now available for download, with nine new tools and internal optimizations....
FBI: Lazarus hackers readying to cash out $41 million in stolen crypto
The FBI warned that North Koreans are likely readying to cash out tens of millions worth of stolen cryptocurrency out...
Hosting firm says it lost all customer data after ransomware attack
Danish hosting firms CloudNordic and AzeroCloud have suffered ransomware attacks, causing the loss of the majority of customer data and...
New stealthy techniques let hackers gain Windows SYSTEM privileges
Security researchers have released NoFilter, a tool that abuses the Windows Filtering Platform to elevate a user's privileges to increases...
Discord starts notifying users affected by March data breach
Starting on Monday, Discord has been reaching out to users affected by a data breach disclosed earlier this year to...
Over 3,000 Openfire servers vulnerable to takover attacks
Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user...
Bitwarden releases free and open-source E2EE Secrets Manager
Bitwarden, the maker of the popular open-source password manager tool, has released ‘Secrets Manager,’ an end-to-end encrypted secrets manager for...
Lapsus$ teen hackers convicted of high-profile cyberattacks
A London jury has found that an 18-year-old member of the Lapsus$ data extortion gang helped hack multiple high-profile companies, stole...
MOVEit Exploitation Fallout Drives Record Ransomware Attacks
Ransomware attacks hit record levels in July 2023, driven by the Clop gang’s exploitation of the MOVEit vulnerability, according to...
US ARPA-H Initiative Counters Healthcare Cyber-Threats
In a bid to counter cyber-attacks targeting the US healthcare system, the Advanced Research Projects Agency for Health (ARPA-H), operating...
Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset
Cybersecurity researchers from ESET have uncovered a malicious toolset named Spacecolon that has been deployed to spread variants of the...
XLoader MacOS Malware Variant Returns With OfficeNote Facade
The notorious XLoader malware has resurfaced, posing as a seemingly innocuous office productivity app named “OfficeNote.”Known for its malicious activities...
WinRAR Vulnerability Affects Traders Worldwide
Cybersecurity researchers have exposed a zero-day vulnerability (CVE-2023-38831) in the popular WinRAR compression tool, which cyber-criminals have exploited to target...
Artificial Intelligence and USBs Drive 8% Rise in Cyber-Attacks
Check Point Research has released its 2023 Mid-Year Security Report. The research reveals a concerning 8% surge in global weekly...
Doubling of Identity Theft Victims With Suicidal Thoughts
Some 16% of American identity theft victims have had suicidal thoughts following their experiences, up from just 8% in 2020,...
Carderbee hacking group hits Hong Kong orgs in supply chain attack
Image: Midjourney A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions...
New HiatusRAT malware attacks target US Defense Department
In a new HiatusRAT malware campaign, threat actors have targeted a server belonging to the U.S. Department of Defense in...
Scraped data of 2.6 million Duolingo users released on hacking forum
The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted...
Akira ransomware targets Cisco VPNs to breach organizations
There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate...
Ivanti warns of new actively exploited MobileIron zero-day bug
US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in...
Japanese watchmaker Seiko breached by BlackCat ransomware gang
The BlackCat/ALPHV ransomware gang has added Seiko to its extortion site, claiming responsibility for a cyberattack disclosed by the Japanese...
TP-Link smart bulbs can let hackers steal your WiFi password
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link’s Tapo...
