Amnesty International said that Google fixed previously unknown flaws in Android that allowed authorities to unlock phones using forensic tools. On
The secretary of Defense has ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions, sources tell Recorded Future News.
Recent incidents indicate US is no longer characterizing Russia as a cybersecurity threat, marking a radical departure: ‘Putin is on the inside now’
Les échanges internes au groupe Black Basta divulgués la semaine dernière offrent une nouvelle opportunité d’enquêter sur l’un de ses leaders : tramp. Il pourrait avoir été arrêté en Arménie en juin 2024, avant d’être relâché.
Security researchers found evidence that Cellebrite was used by Serbian police to hack into the cellphones of a local journalist and an activist.
Key Takeaways The intrusion began with the exploitation of CVE-2023-22527 on an exposed Windows Confluence server, ultimately leading to the deployment of LockBit ransomware across the environment.…
(EncryptHub) is a threat actor that has come to the forefront with highly sophisticated spear-phishing attacks since 26 June 2024. In the attacks it has carried out, it exhibits a different operational strategy by carrying out all the processes necessary to obtain initial access through personalized SMS (smishing) or by calling the person directly (vishing) and tricking the victim into installing remote monitoring and management (RMM) software. When investigating the attacks carried out by the threat actor, it is evident that their social engineering techniques and persuasion skills are highly effective.
In the first phase, the actor usually creates a phishing site that targets the organization to obtain the victim's VPN credentials. The victim is then called and asked to enter the victim's details into the phishing site for technical issues, posing as an IT team or helpdesk. If the attack targeting the victim is not a call but a direct SMS text message, a fake Microsoft Teams link is used to convince the victim. After gaining access from the victim, the team runs various stealers on the compromised machine using the PowerShell
A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the systems of Orange Group, a leading French telecommunications operator and digital service provider.
#Breach #Computer #Data #Email #Extortion #InfoSec #Jira #Leak #Orange #Ransom #S.A. #Security
Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.
The Lumma Stealer malware campaign is exploiting compromised educational institutions to distribute malicious LNK files disguised as PDFs, targeting industries like finance, healthcare, technology, and media. Once executed, these files initiate a stealthy multi-stage infection process, allowing cybercriminals to steal passwords, browser data, and cryptocurrency wallets. With sophisticated evasion techniques, including using Steam profiles for command-and-control operations, this malware-as-a-service (MaaS) threat highlights the urgent need for robust cybersecurity defenses. Stay vigilant against deceptive phishing tactics to protect sensitive information from cyber exploitation.
North Korea is behind the massive crypto hack, according to several blockchain monitoring firms and a well-known researcher
Key findings Proofpoint identified and named two new cybercriminal threat actors operating components of web inject campaigns, TA2726 and TA2727. Proofpoint identified a new
On February 21, 2025, at approximately 12:30 PM UTC , Bybit detected unauthorized activity within one of our Ethereum (ETH) Cold Wallets during a routine transfer process. The transfer was part of a scheduled move of ETH from our ETH Multisig Cold Wallet to our Hot Wallet. Unfortunately, the transaction was manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet. As a result, over 400,000 ETH and stETH worth more than $1.5 billion were transferred to an unidentified address.
During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers (MFPs) were vulnerable to pass-back attacks. Learn more!
A bug in the Android and iPhone monitoring operations allows anyone to access private data exfiltrated from a victim's device.
Learn about the fake Google reCAPTCHA campaign infecting machines by tricking unsuspecting users into running malicious Powershell commands.
An ongoing PayPal email scam exploits the platform's address settings to send fake purchase notifications, tricking users into granting remote access to scammers
Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention.
Le Cloud computing, devenu incontournable pour les secteurs public et privé, favorise la transformation numérique mais offre également de nouvelles opportunités d’attaques et problématiques de sécurité pour les organisations qui l’utilisent.
L'ANSSI observe une augmentation des attaques contre les environnements cloud. Ces campagnes d'attaques, menées à des fins lucratives, d'espionnage et de déstabilisation, affectent les fournisseurs de services cloud (Cloud Service Provider, CSP), en partie ciblés pour les accès qu’ils peuvent offrir vers leurs clients. Elles ciblent également les environnements de clients de services cloud, dont l'hybridation des systèmes d'information générée par l'usage du cloud, augmente la surface d'attaque.
