Hackers exploited Salesforce zero-day in Facebook phishing attack
Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable...
cybersecurity
Amazon’s AWS SSM agent can be used as post-exploitation RAT malware
Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform's System...
Why Every Security Practitioner Should Attend mWISE
What’s in store for mWISE 2023? 80+ curated sessions. 90+ hand-picked speakers. 7 session tracks. All the hottest topics in...
Over 640 Citrix servers backdoored with web shells in ongoing attacks
Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting...
New Collide+Power side-channel attack impacts almost all CPUs
A new software-based power side-channel attack called 'Collide+Power' was discovered, impacting almost all CPUs and potentially allowing data to leak....
Fake FlipperZero sites promise free devices after completing offer
A site impersonating Flipper Devices promises a free Flipper Zero after completing an offer but only leads to shady browser...
Ivanti discloses new critical auth bypass bug in MobileIron Core
IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software. Tracked...
Russian hackers target govt orgs in Microsoft Teams phishing attacks
Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service (SVR) targeted dozens of organizations...
How to manage a mass password reset due to a ransomware attack
Interrupted classes, disrupted planning, and postponed events – IT outages have a big impact on modern university life. But as...
Cybercriminals train AI chatbots for phishing, malware attacks
In the wake of WormGPT, a ChatGPT clone trained on malware-focused data, a new generative artificial intelligence hacking tool called...
Threat actors abuse Google AMP for evasive phishing attacks
Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures...
Hackers use new malware to breach air-gapped devices in Eastern Europe
Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems. Air-gapped systems...
CISA issues new warning on actively exploited Ivanti MobileIron bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of state hackers exploiting two flaws in Ivanti's Endpoint Manager...
Retail chain Hot Topic discloses wave of credential-stuffing attacks
American apparel retailer Hot Topic is notifying customers about multiple cyberattacks between February 7 and June 21 that resulted in...
APT31 Implants Target Industrial Organizations
Cybersecurity researchers have uncovered crucial insights into the tactics, techniques and procedures (TTPs) employed by the threat actor APT31 (also known...
Israel’s largest oil refinery website offline after DDoS attack
Website of Israel's largest oil refinery operator, BAZAN Group is inaccessible from most parts of the world as threat actors claim to have...
Hackers steal Signal, WhatsApp user data with fake Android chat app
Hackers are using a fake Android app named 'SafeChat' to infect devices with spyware malware that steals call logs, texts,...
Canon warns of Wi-Fi security risks when discarding inkjet printers
Canon is warning users of home, office, and large format inkjet printers that their Wi-Fi connection settings stored in the...
P2PInfect server botnet spreads using Redis replication feature
Threat actors are actively targeting exposed instances of SSH and Redis Redis open-source data store with a peer-to-peer self-replicating worm...
Google: Android patch gap makes n-days as dangerous as zero-days
Google has published its annual 0-day vulnerability report, presenting in-the-wild exploitation stats from 2022 and highlighting a long-standing problem in...
Hackers exploit BleedingPipe RCE to target Minecraft servers, players
Hackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and...
Weekly Cybersecurity Tip: Protecting Your Digital Environment Against Ransomware Attacks
With the rise of technology, organizations of all sizes are becoming increasingly targetted by a pervasive type of cybercrime known...
New Android malware uses OCR to steal credentials from images
Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and...
CISA warns of breach risks from IDOR web app vulnerabilities
CISA warned today of the significant breach risks linked to insecure direct object reference (IDOR) vulnerabilities impacting web applications in...
