A synopsis of the massive ongoing WordPress malware campaign: Balada Injector, including common techniques, functionalities, and vulnerability exploits used in attacks.

WPA stands for will-provide-access, if you can successfully exploit a target's setup

Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.

CRIL analyses the anatomy of a new ransomware group named Money Message, which can encrypt network shares and target both Windows and Linux.

Several water monitors – which monitor irrigation systems and wastewater treatment systems – were left dysfunctional on Sunday after a cyber attack targeted the monitoring systems.

Specifically, water controllers for irrigating fields in the Jordan Valley were damaged, as were control systems for the Galil Sewage Corporation.

The document, part of a cache of leaks recently circulated on the internet, suggests the hackers had the ability to cause an explosion and sought instruction from the FSB.

In recent days, the US Justice Department and Pentagon have begun investigating an apparent online leak of sensitive documents, including some that were marked “Top Secret”.

A portion of the documents, which have since been widely covered by the news media, focused on Russia’s invasion of Ukraine, while others detailed analysis of potential UK policies on the South China Sea and the activities of a Houthi figure in Yemen.

The existence of the documents was first reported by the New York Times after a number of Russian Telegram channels shared five photographed files relating to the invasion of Ukraine on April 5 – at least one of which has since been found by Bellingcat to be crudely edited.

UPDATE: A new statement(Opens in a new window) from MSI says users should avoid downloading firmware and BIOS updates from third-party sources, and instead only obtain such software from the company's official website.

The statement suggests MSI is worried hackers could circulate malicious versions of the company's BIOS software when the ransomware gang, Money Message, claims it stole the PC maker's source code.

La loi de programmation militaire prévoit que l'autorité n'aura pas besoin d'une décision de justice. Un contrôle sera réalisé a posteriori par l'Arcep.

Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment.

Samsung fab personnel reportedly used ChatGPT to optimize operations and create presentations, leaking confidential data to the third-party AI.

CRIL analyzes Cylance, a new Ransomware variant that uses command-line options to target both Windows and Linux users.

A ransomware affiliate is targeting publicly exposed Veritas installations to gain access to organizations.

Between 2019 and 2022, groups of Tesla employees privately shared via an internal messaging system sometimes highly invasive videos and images recorded by customers’ car cameras.

Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.

Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra™ and Health Information Sharing and Analysis Center (Health-ISAC) are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software, which have been used by cybercriminals to distribute malware, including ransomware. This is a change in the way DCU has...

Resecurity has recently identified the STYX Innovation Marketplace, a new cybercriminal e-commerce platform focused on financial fraud.

We detected Mac malware MacStealer spreading via websites, social media, and messaging platforms Twitter, Discord, and Telegram. Cybercriminals lure victims to download it by plagiarizing legitimate play-to-earn (P2E) apps’ images and offering jobs as beta testers.

A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen identity data in an effort they've named "Operation Cookie Monster". They've provided millions of impacted email addresses and passwords to Have I Been Pwned

Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera.