New RDStealer malware steals from drives shared over Remote Desktop
A cyberespionage and hacking campaign tracked as 'RedClouds' uses the custom 'RDStealer' malware to automatically steal data from drives shared...
cybersecurity
Zyxel warns of critical command injection flaw in NAS devices
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command...
Over 100,000 ChatGPT accounts stolen via info-stealing malware
More than 101,000 ChatGPT user accounts have been stolen by information-stealing malware over the past year, according to dark web...
Hackers infect Linux SSH servers with Tsunami botnet malware
An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS...
New Condi malware builds DDoS botnet out of TP-Link AX21 routers
A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers...
Microsoft fixes Azure AD auth flaw enabling account takeover
Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and...
VMware warns of critical vRealize flaw exploited in attacks
VMware updated a security advisory published two weeks ago to warn customers that a now-patched critical vulnerability allowing remote code...
Hackers warn University of Manchester students’ of imminent data leak
Image: Ax Sharma The ransomware operation behind a cyberattack on the University of Manchester has begun to email students, warning...
Hackers use fake OnlyFans pics to drop info-stealing malware
A malware campaign is using fake OnlyFans content and adult lures to install a remote access trojan known as 'DcRAT,'...
Android spyware camouflaged as VPN, chat apps on Google Play
Three Android apps on Google Play were used by state-sponsored threat actors to collect intelligence from targeted devices, such as...
Iowa’s largest school district confirms ransomware attack, data theft
Des Moines Public Schools, Iowa's largest school district, confirmed today that a ransomware attack was behind an incident that forced...
ASUS urges customers to patch critical router vulnerabilities
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately...
New Mystic Stealer malware increasingly used in attacks
A new information-stealing malware named 'Mystic Stealer,' has been promoted on hacking forums and darknet markets since April 2023, quickly...
Reddit hackers threaten to leak data stolen in February breach
The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen...
US govt offers $10 million bounty for info on Clop ransomware
The U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the...
SMS delivery reports can be used to infer recipient’s location
A team of university researchers has devised a new side-channel attack named 'Freaky Leaky SMS,' which relies on the timing...
Police cracks down on DDoS-for-hire service active since 2013
Polish police officers of the country's Central Bureau for Combating Cybercrime detained two suspects believed to have been involved in...
Millions of Oregon, Louisiana state IDs stolen in MOVEit breach
Louisiana and Oregon warn that millions of driver's licenses were exposed in a data breach after a ransomware gang hacked...
Western Digital boots outdated NAS devices off of My Cloud
Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on...
The Week in Ransomware – June 16th 2023 – Wave of Extortion
The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached...
Russian hackers use PowerShell USB malware to drop backdoors
The Russian state-sponsored hacking group Gamaredon (aka Armageddon or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence...
Traditional Pen Testing vs. PTaaS with Web Application Security
While traditional penetration testing (pen testing) has long been the go-to method for identifying security gaps in a organization’s network and...
Barracuda ESG zero-day attacks linked to suspected Chinese hackers
A suspected pro-China hacker group tracked by Mandiant as UNC4841 has been linked to data-theft attacks on Barracuda ESG (Email...
Rhysida ransomware leaks documents stolen from Chilean Army
Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents...
