The team at CYFIRMA analyzed a malicious Android sample designed to target high-value assets in Southern Asia. This sample, attributed to an unknown threat actor, was generated using the Spynote Remote Administration Tool. While the specifics of the targeted asset remain confidential, it is likely that such a target would attract the interest of APT groups. However, we are restricted from disclosing further details about the actual target and its specific region. For a comprehensive analysis, please refer to the detailed report
Officials from EU anti-fraud office were allegedly followed, wiretapped and had their laptops hacked by Hungary’s intelligence agency.
Some users are still lamenting issues in using the encrypted email service
Cado Security Labs details the discovery of a new cross-platform information stealer malware dubbed "Meeten" targeting macOS and Windows users.
Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.
FBI and CISA officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors.
This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network
Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients.
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)
Key findings from our analysis include:
Advanced Surveillance Capabilities:
Comprehensive Data Exfiltration:
Persistence Mechanisms:
Abuse of Legitimate Services:
Indicators of Compromise (IoCs):
Need for Collective Protection:
A recent, alleged Baltic Sea sabotage highlights the system’s fragility
Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.
VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.
Cisco on Dec. 2 updated an advisory from March 18 about a 10-year-old vulnerability in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) software that could let an unauthenticated remote attacker conduct a cross-site scripting (XSS) attack.
In its recent update, the Cisco Product Security Incident Response Team (PSIRT) said it became aware of additional attempted exploitation of this vulnerability in the wild last month.
Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities.
BT Group (formerly British Telecom)'s Conferencing division shut down some of its servers following a Black Basta ransomware attack.
Senators briefed on the wide-ranging breaches by Chinese hackers called for action on Wednesday to protect the country's telecommunications networks.
We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed. We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed.
