Turkish hackers targeting poorly secured MS SQL servers across the U.S., European Union, and Latin America.
Cloud Atlas spear-phishing attacks hit an agro-industrial enterprise and a state-owned research company.
Chinese threat actors exploited a new zero-day vulnerability in Barracuda's Email Security Gateway (ESG) appliances.
German law enforcement takes down dark web giant "Kingdom Market," specializing in narcotics and malware sales to tens of thousands of users.
Beware of phishing emails with invoice-themed attachments! Attackers are using an old Office vulnerability (CVE-2017-11882) to spread the Agent Tesla
Apple has released patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address multiple vulnerabilities.
Russian national Vladimir Dunaev found guilty for developing TrickBot malware, facing up to 35 years in prison.
Qualcomm has disclosed details about three high-severity security vulnerabilities that were exploited in limited, targeted attacks in October 2023.
Atlassian has released software fixes to address four critical flaws in its software that could lead to remote code execution.
The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.
Play ransomware has turned into Ransomware-as-a-Service (RaaS), allowing other cybercriminals to use it.
FIRST announces CVSS v4.0, the latest version of the Common Vulnerability Scoring System. Discover how this update addresses critical vulnerabilities.
1password detected suspicious activity following the Okta support system breach. After investigation, they determined no user data was accessed.
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023.
"The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the Citizen Lab said, attributing the attack with high confidence to the Egyptian government owing to it being a known customer of the commercial spying tool.
Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline.
The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News.
A new generative AI cybercrime tool called WormGPT is making waves in underground forums. It empowers cybercriminals to automate phishing attacks.
Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application.
he maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution.
The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.
Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505.
"The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on."
Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code.
