An international law enforcement operation codenamed 'Operation Passionflower' has shut down MATRIX, an encrypted messaging platform used by cybercriminals to coordinate illegal activities while evading police.

CVE-2024-1212 is an unauthenticated command injection found in Progress Kemp LoadMaster load balancer's administrator web interface by Rhino Security Labs.

Our researchers discovered a previously unknown vulnerability on Windows Server 2012 and Server 2012 R2 that allows an attacker to bypass a ...

The former head of Poland’s internal security agency Piotr Pogonowski was forced to appear in front of a parliamentary committee investigating the alleged abuse of Pegasus spyware in the country.

The company, ENGlobal Corporation, has restricted employee access to its IT system, limiting it to only essential business operations.

Amazon has launched AWS Security Incident Response, a service to help triage and respond to cybersecurity threats.

A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container.

On Friday, the United Nations Agency for Digital Technologies said it is partnering with the International Telecommunication Union (ITU) and International Cable Protection Committee (ICPC) to create the International Advisory Body for Submarine Cable Resilience.

• Initial access was via a resume lure as part of a TA4557/FIN6 campaign.
• The threat actor abused LOLbins like ie4uinit.exe and msxsl.exe to run the more_eggs malware.
• Cobalt Strike and python-based C2 Pyramid were employed by the threat actor for post-exploitation activity.
• The threat actor abused CVE-2023-27532 to exploit a Veeam server and facilitate lateral movement and privilege escalation activities.
• The threat actor installed Cloudflared to assist in tunneling RDP traffic.
• This case was first published as a Private Threat Brief for customers in April of 2024.
• Eight new rules were created from this report and added to our Private Detection Ruleset.

• Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript, code which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal.
• Check Point identified GodLoader, a loader that employs this new technique. The threat actor behind this malware has been utilizing it since June 29, 2024, infecting over 17,000 machines
• The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware.
• This new technique allows threat actors to target and infect devices across multiple platforms, such as Windows, macOS, Linux, Android, and iOS.
• Check Point Research demonstrates how this multi-platform technique can successfully drop payloads in Linux and MacOS.
• A potential attack can target over 1.2 million users of Godot-developed games. These scenarios involve taking advantage of legitimate Godot executables to load malicious scripts in the form of mods or other downloadable content.

Supply chain management SaaS vendor Blue Yonder experienced a ransomware attack that impacted big companies like Starbucks.

BlackBerry is tracking a new campaign that delivers Trojanized MSI files that utilize DLL sideloading to execute LegionLoader, a malicious program typically used to distribute multiple infostealers on the victim’s system.

Understand the threat of PHP reinfector malware on WordPress sites, compromising plugins like Imagify and using malicious admin users.

Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean

In the takedown announced on Wednesday, Europol said it investigated 102 suspects and arrested 11 of them on accusations they were distributing content from streaming services illegally.

Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures.

ESET's discovery of the first UEFI bootkit designed for Linux sendss an important message: UEFI bootkits are no longer confined to Windows systems alone.

Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach.

I recently realised that I still owe you guys some writeups, so since OBTSv7 is around the corner here's the one for badmalloc. I found this back in March 2023, and it got fixed in October. About the bug There's a bug in MallocStackLogging, Apple's "magical" framework that allows developers …

Since February 2024, the World Watch Cyber Threat Intelligence team has been working on an extensive study of the private and public relationships within the Chinese cyber offensive ecosystem. This includes:

• An online map showcasing the links between 300+ entities;
• Historical context on the Chinese state entities dedicated to cyber offensive operations;
• An analysis of the role of universities and private companies in terms of capacity building;
• A focus on the ecosystem facilitating the acquisition of vulnerabilities for government use in cyber espionage campaigns.