Russia says US hacked thousands of iPhones in iOS zero-click attacks
Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via...
cybersecurity
Harvard Pilgrim Health Care ransomware attack hits 2.5 million people
Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with...
New Horabot campaign takes over victim’s Gmail, Outlook accounts
A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November...
Toyota finds more misconfigured servers leaking customer info
Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years....
7 Stages of Application Testing: How to Automate for Continuous Security
With cyber-attacks becoming more sophisticated, organizations are becoming increasingly aware of the importance of safeguarding their web applications against security...
Dark Pink hackers continue to target govt and military organizations
The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations...
Kali Linux 2023.2 released with 13 new tools, pre-built HyperV image
Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools,...
Stealthy SeroXen RAT malware increasingly used to target gamers
A stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low...
Exploit released for RCE flaw in popular ReportLab PDF library
A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab Toolkit, a popular Python...
Hackers exploit critical Zyxel firewall flaw in ongoing attacks
Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install...
Terminator antivirus killer is a vulnerable Windows driver in disguise
A threat actor known as Spyboy is promoting a tool called "Terminator" on a Russian-speaking hacking forum that can allegedly...
Android apps with spyware installed 421 million times from Google Play
A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play...
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection
The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity...
WordPress force installs critical Jetpack patch on 5 million sites
Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of...
Barracuda zero-day abused since 2022 to drop new malware, steal data
Image: Bing Image Creator Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been...
RomCom malware spread via Google Ads for ChatGPT, GIMP, more
A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into...
Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable"...
MCNA Dental data breach impacts 8.9 million people after ransomware attack
Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million...
New hacking forum leaks data of 478,000 RaidForums members
A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into...
Lazarus hackers target Windows IIS web servers for initial access
The notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services (IIS)...
Flash loan attack on Jimbos Protocol steals over $7.5 million
Jimbos Protocol, an Arbitrum-based DeFi project, has suffered a flash loan attack that resulted in the loss of more than...
Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains
A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer...
PyPI announces mandatory use of 2FA for all software publishers
The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform...
QBot malware abuses Windows WordPad EXE to infect devices
The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect...
