MalDoc in PDFs: Hiding malicious Word docs in PDF files
Japan's computer emergency response team (JPCERT) is sharing a new 'MalDoc in PDF' attack detected in July 2023 that bypasses...
cybersecurity
ICO calls on social media firms to protect user’s data from scraping
UK's Information Commissioner's Office (ICO), together with eleven data protection and privacy authorities from around the world, have published a...
Rhysida claims ransomware attack on Prospect Medical, threatens to sell data
The Rhysida ransomware gang has claimed responsibility for the massive cyberattack on Prospect Medical Holdings, claiming to have stolen 500,000...
Kroll data breach exposes info of FTX, BlockFi, Genesis creditors
Multiple reports on social media warn of a data breach at financial and risk advisory company Kroll that resulted in...
Data breach at French govt agency exposes info of 10 million people
Pôle emploi, France's governmental unemployment registration and financial aid agency, is informing of a data breach that exposed data belonging...
Microsoft: Stealthy Flax Typhoon hackers use LOLBins to evade detection
Microsoft has identified a new hacking group it now tracks as Flax Typhoon that argets government agencies and education, critical manufacturing,...
ICO calls social media firms to protect people’s data from scraping
UK's Information Commissioner's Office (ICO), together with eleven data protection and privacy authorities from around the world, have published a...
Leaseweb is restoring ‘critical’ systems after security breach
Leaseweb, one of the world's largest cloud and hosting providers, notified people that it's working on restoring "critical" systems disabled...
Privacy Regulator Warns of Surge in “Text Pest” Cases
The UK’s data protection watchdog is urging victims of so-called “text pests” to come forward after revealing that nearly a...
Last call for mWISE, the security conference for frontline practitioners.
We’re down to the final weeks of registration for mWISE, the highly targeted, community-focused cybersecurity conference from Mandiant, now part...
Hackers use public ManageEngine exploit to breach internet org
The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk...
Exploit released for Ivanti Sentry bug abused as zero-day in attacks
Proof-of-concept exploit code is now available for a critical Ivanti Sentry authentication bypass vulnerability that enables attackers to execute code...
Jupiter X Core WordPress plugin could let hackers hijack sites
Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow...
FBI warns of patched Barracuda ESG appliances still being hacked
The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway (ESG) remote command injection flaw...
Ransomware hackers dwell time drops to 5 days, RDP still widely used
Ransomware threat actors are spending less time on compromised networks before security solutions sound the alarm. In the first half of...
New Whiffy Recon malware uses WiFi to triangulate your location
Cybercriminals behind the Smoke Loader botnet are using a new piece of malware called Whiffy Recon to triangulate the location...
Sensitive Data of 10 Million at Risk After French Employment Agency Breach
The French national employment agency, Pôle emploi, has been hit by a cyber-attack potentially exposing critical information of up to...
WinRAR zero-day exploited since April to hack trading accounts
A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an...
The MOVEit hack and what it taught us about application security
When a cyberattack like the 2023 MOVEit hack makes global news headlines, attention often focuses on the names of the...
Hosting firm says it lost all customer data after ransomware attack
Danish hosting firms CloudNordic and AzeroCloud have suffered ransomware attacks, causing the loss of the majority of customer data and...
US charges founders of Tornado Cash mixer used by Lazarus hackers
The U.S. Justice Department charged two Tornado Cash founders with helping criminals, including the notorious North Korean Lazarus hacking group,...
Kali Linux 2023.3 released with 9 new tools, internal changes
Kali Linux 2023.3, the third version of 2023, is now available for download, with nine new tools and internal optimizations....
FBI: Lazarus hackers readying to cash out $41 million in stolen crypto
The FBI warned that North Koreans are likely readying to cash out tens of millions worth of stolen cryptocurrency out...
Bitwarden releases free and open-source E2EE Secrets Manager
Bitwarden, the maker of the popular open-source password manager tool, has released ‘Secrets Manager,’ an end-to-end encrypted secrets manager for...
