Hackers target 1.5M WordPress sites with cookie consent plugin exploit
Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie...
cybersecurity
Chinese hackers breach US critical infrastructure in stealthy attacks
Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United...
GitLab ‘strongly recommends’ patching max severity flaw ASAP
GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal...
Cuba ransomware claims cyberattack on Philadelphia Inquirer
The Cuba ransomware gang has claimed responsibility for this month's cyberattack on The Philadelphia Inquirer, which temporarily disrupted the newspaper's...
Arms maker Rheinmetall confirms BlackBasta ransomware attack
German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business....
GoldenJackal state hackers silently attacking govts since 2019
Image: Bing Create A relatively unknown advanced persistent threat (APT) group named 'GoldenJackal' has been targeting government and diplomatic entities...
New AhRat Android malware hidden in app with 50,000 installs
Image: Bing Image Creator ESET malware researchers found a new remote access trojan (RAT) on the Google Play Store, hidden...
IT employee impersonates ransomware gang to extort employer
A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized computer access with criminal intent and blackmailing...
US sanctions orgs behind North Korea’s ‘illicit’ IT worker army
The Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions today against four entities and one individual for their...
CISA orders govt agencies to patch iPhone bugs exploited in attacks
Today, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) ordered federal agencies to address three recently patched zero-day flaws affecting iPhones,...
Malicious Windows kernel drivers used in BlackCat ransomware attacks
The ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software...
An AI-based Chrome Extension Against Phishing, Malware, and Ransomware
The Anti-Phishing Council has reported an increase in phishing reports and URLs, particularly targeting financial institutions. Despite using evasive techniques,...
Pentagon explosion hoax goes viral after verified Twitter accounts push
Highly realistic AI-generated images depicting an explosion near the Pentagon that went viral on Twitter caused the stock market to...
Crypto phishing service Inferno Drainer defrauds thousands of victims
A cryptocurrency phishing and scam service called 'Inferno Drainer' has reportedly stolen over $5.9 million worth of crypto from 4,888...
Google will delete accounts inactive for more than 2 years
Google has updated its policy for personal accounts across its services to allow a maximum period of inactivity of two...
Android phones are vulnerable to fingerprint brute-force attacks
Researchers at Tencent Labs and Zhejiang University have presented a new attack called 'BrutePrint,' which brute-forces fingerprints on modern smartphones...
npm packages caught serving TurkoRAT binaries that mimic NodeJS
Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead...
Cloned CapCut websites push information stealing malware
A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting...
PyPI temporarily pauses new users, projects amid high volume of malware
PyPI, the official third-party registry of open source Python packages has temporarily suspended new users from signing up, and new...
The Week in Ransomware – May 19th 2023 – A Shifting Landscape
In the ever-shifting ransomware landscape, we saw new ransomware gangs emerge, threat actors return from a long absence, operations shifting...
Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks
A financially motivated cybercriminal group known as FIN7 resurfaced last month, with Microsoft threat analysts linking it to attacks where...
Luxottica confirms 2021 data breach after info of 70M leaks online
Luxottica has confirmed one of its partners suffered a data breach in 2021 that exposed the personal information of 70...
CISA warns of Samsung ASLR bypass flaw exploited in attacks
CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization...
Dish Network likely paid ransom after recent ransomware attack
Dish Network, an American television provider, most likely paid a ransom after being hit by a ransomware attack in February...
