Cyberveille
curated by Decio
Nuage de tags
Mur d'images
Quotidien
Rechercher
Flux RSS
Flux RSS
Daily Feed
Weekly Feed
Monthly Feed
tags
search
NodeLoader Used to Deliver Malware
Axpo annonce lancer le premier SOC suisse pour les infrastructures OT | ICTjournal
Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials
NATO to launch new cyber center by 2028: Official
'Operation Digital Eye' Attack Targets European IT Orgs
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research
Fraudulent shopping sites tied to cybercrime marketplace taken offline
What a new threat report says about Mac malware in 2024
Moonlock's 2024 macOS threat report
Zero-Day: How Attackers Use Corrupted Files to Bypass Detection
Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia
Log In POLITICO Pro Home Latest news Romanian elections War in Ukraine French political crisis Newsletters Podcasts Poll of Polls Policy news Events News Politics Hungarian CIA reportedly spied on EU officials
Tuta has suffered multiple DDoS attacks in one week – but it claims privacy has not been compromised
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows
Ransomware hackers target NHS hospitals with new cyberattacks
8 US telcos compromised, FBI advises Americans to use encrypted communications - Help Net Security
2023 Anna Jaques Hospital data breach impacted +310K people
zizmor would have caught the Ultralytics workflow vulnerability
Ultralytics AI model hijacked to infect thousands with cryptominer
Roumanie : la Cour constitutionnelle annule le premier tour de l’élection présidentielle du fait de graves manipulations sur TikTok
Protecting Undersea Internet Cables: A Tech Challenge
Veeam warns of critical RCE bug in Service Provider Console
Cisco warns of continued exploitation of 10-year-old ASA bug
FBI, CISA urge Americans to use secure messaging apps in wake of massive cyberattack
Cloudflare’s developer domains increasingly abused by threat actors
Black Basta ransomware gang hit BT Group
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says | The Record from Recorded Future News
Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples
Malicious Ads in Search Results Are Driving New Generations of Scams | WIRED
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples
Police seize Matrix encrypted chat service after spying on criminals
CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster - Rhino Security Labs
Windows Server 2012 Mark of the Web Vulnerability (0day) - and Free Micropatches for it
Poland arrests former spy chief in Pegasus spyware probe
Energy industry contractor says ransomware attack has limited access to IT systems | The Record from Recorded Future News
AWS launches an incident response service to combat cybersecurity threats | TechCrunch
Data broker exposes 600,000 sensitive files including background checks
UN, international orgs create advisory body for submarine cables after incidents | The Record from Recorded Future News
Plusieurs tentatives: L'État luxembourgeois visé par des cyberattaques
Gaming Engines: An Undetected Playground for Malware Loaders
Starbucks, grocery stores impacted by Blue Yonder ransomware attack - Help Net Security
RobotDropper Automates the Delivery of Multiple Infostealers
PHP Reinfector and Backdoor Malware Target WordPress Sites
Python Crypto Library Updated to Steal Private Keys
11 arrested in Europol shutdown of illegal IPTV streaming networks
UK hospital network postpones procedures after cyberattack
Attacco ransomware al Bologna FC, rubati migliaia di documenti (anche sui calciatori) | Wired Italia
Bootkitty: Analyzing the first UEFI bootkit for Linux
Zello asks users to reset passwords after security incident
Here’s how simple it is for script kiddies to stand up DDoS services
Matrix Unleashes A New Widespread DDoS Campaign
Raspberry Robin Analysis
Yakuza Victim Data Leaked in Japanese Agency Attack
Microsoft Power Pages: Data Exposure Reviewed
CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks
7-Zip flaw enables code smuggling with manipulated archives
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
Apple fixes two zero-days used in attacks on Intel-based Macs
Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart | Qualys Security Blog
Plusieurs comptes Telegram de députés ont été piratés
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON | Microsoft Security Blog
Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED
Cinq membres du groupe de pirates Scattered Spider arrêtés
750 000 fichiers et dossiers patients sensibles français en fuite sur le dark web, que se passe-t-il ?
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
Picard victime d’une fuite de données, des milliers de clients touchés
Exploit attempts for unpatched Citrix vulnerability
FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
Abnormal Security
Microsoft 365 Admin portal abused to send sextortion emails
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
T-Mobile finally managed to thwart a data breach before it occured
Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany | WIRED
Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock
German Stats Body Says Suffered Possible Data Breach | Barron's
Snowflake hackers identified and charged with stealing 50 billion AT&T records | TechCrunch
T-Mobile confirms it was hacked in recent wave of telecom breaches
My Habit Was Collecting
The State of Cloud Ransomware in 2024
CVE-2024-47575
Okta security bug affects those with really long usernames
China's Volt Typhoon breached Singtel, reports say
Threat Hunting Case Study: Uncovering Turla | Intel 471
“Une curiosité malsaine pour le hacking” : au procès du pirate qu ...
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
Uncovering Apple Vulnerabilities: The diskarbitrationd and storagekitd Audit Story Part 1
How Italy became an unexpected spyware hub
VEEAM exploit seen used again with a new ransomware: “Frag
D-Link won’t fix critical flaw affecting 60,000 older NAS devices
Meet Interlock — The new ransomware targeting FreeBSD servers
DocuSign's Envelopes API abused to send realistic fake invoices
Threat Campaign Spreads Winos4.0 Through Game Application
North Korean hackers employ new tactics to compromise crypto-related businesses - Help Net Security
Nokia says hackers leaked third-party app source code
New Campaign Uses Remcos RAT to Exploit Victims
BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence
Gootloader’s Pivot from SEO Poisoning: PDF Converters Become the New Infection Vector
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
Cyberattack disables tracking systems and panic alarms on British prison vans
Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs
EDR Bypass Testing Reveals Extortion Actor's Toolkit
ClickFix tactic: Revenge of detection
Cisco notifies ‘limited set’ of customers after hacker accessed non-public files
Schneider Electric confirms dev platform breach after hacker steals data
CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging - Securonix
The story behind HISAA
SmokeBuster Tool
Massive hack-for-hire scandal rocks Italian political elites
Cyber attack on pharmaceutical distributor AEP
DDoS site Dstat.cc seized and two suspects arrested in Germany
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
Botnet 7777: Are You Betting on a Compromised Router?
A glimpse into the Quad7 operators' next moves and associated botnets
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit
Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities | Malwarebytes
Amazon identified internet domains abused by APT29
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
ClickFix tactic: The Phantom Meet
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Elon Musk-Funded PAC Supercharges ‘Progress 2028’ Democrat Impersonation Ad Campaign
ReliaQuest Uncovers New Black Basta Social Engineering Technique - ReliaQuest
US names and charges Maxim Rudometov with developing the Redline infostealer
LightSpy: Implant for iOS
31 new ransomware groups were discovered in 2024
Update on Windows Downdate
Cyberattaque: la panne de Onelog persiste (update)
Hacker Returns $19.3 Million to Drained US Government Crypto Wallet
Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials - SANS Internet Storm Center
Cisco fixes bug under exploit in brute-force attacks
Researchers say AI transcription tool used in hospitals invents things no one ever said | AP News
POLITICO Europe
Fog ransomware targets SonicWall VPNs to breach corporate networks
How Israel’s bulky pager fooled Hezbollah
Akira ransomware continues to evolve
Rubavano informazioni da banche dati strategiche e nazionali: sei indagati. Spiati anche alcuni politici
Fake IT Workers: How HYPR Stopped a Fraudulent Hire
Embargo ransomware: Rock’n’Rust
Triad Nexus: Silent Push exposes FUNNULL CDN hosting DGA domains for suspect Chinese gambling sites, investment scams, a retail phishing campaign, and a polyfill.io supply chain attack impacting 110,000+ sites
Apple Shares Private Cloud Compute Virtual Research Environment, Provides Bounties for Vulnerabilities - MacRumors
Encrypted Chat App ‘Session’ Leaves Australia After Visit From Police
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks
ShadyShader: Crashing Apple Devices with a Single Click
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends
ESET themed wiper Targets Israel
Decrypted: Mallox ransomware
Researchers link Polyfill supply chain attack to huge network of copycat gambling sites
Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security
Hackers exploit Roundcube webmail flaw to steal email, credentials
Invisible text that AI chatbots understand and humans can’t? Yep, it’s a thing. - Ars Technica
Lynx Ransomware: A Rebranding of INC Ransomware
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
FASTCash for Linux
Spate of ransomware attacks on German-speaking schools hits another in Switzerland
The War on Passwords Is One Step Closer to Being Over
THREAT ANALYSIS: Beast Ransomware
Tricks and Treats: GHOSTPULSE’s new pixel-level deception
Internet Archive breached again through stolen access tokens
Des espions chinois découverts en Suisse sur un malentendu
HijackLoader evolution: abusing genuine signing certificates
Amazon helps the US Department of Justice thwart international cybercriminal group Anonymous Sudan
Swiss identified in Austrian bomb threat investigation
USDoD hacker behind National Public Data breach arrested in Brazil
Fake recruiter coding tests target devs with malicious Python packages
Jetpack fixes critical information disclosure flaw existing since 2016
British intelligence services to protect all UK schools from ransomware attacks
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
Neo-Nazis head to encrypted SimpleX Chat app, bail on Telegram
CTV industry’s unprecedented “surveillance”
Ukrainian pleads guilty to operating Raccoon Stealer malware
Dutch police arrest admin of 'Bohemia/Cannabia' dark web market
MoneyGram says hackers stole customers' personal information and transaction data | TechCrunch
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies
Pokemon developer Game Freak hit with hack, internal info leaking
UK Ambulance Services targeted by Kremlin-protected Russian hackers
Hackers Advertise Stolen Verizon Push-to-Talk ‘Call Logs’
A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines | WIRED
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server
Hacked Robot Vacuums Across the U.S. Started Yelling Slurs
U.S., Microsoft seize over 100 websites allegedly used by Russian spies
Internet Archive hacked, data breach impacts 31 million users
File hosting services misused for identity phishing
AI girlfriend site breached, user fantasies stolen
Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips
From Perfctl to InfoStealer
Zero Day Initiative — The October 2024 Security Update Review
Ivanti warns of three more CSA zero-days exploited in attacks
Ukraine Claims Cyberattack Blocked Russian State TV Online on Putin’s Birthday
The 30-year-old internet backdoor law that came back to bite
Mamba 2FA: A new contender in the AiTM phishing ecosystem - Sekoia.io Blog
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Arrests in international operation targeting cybercriminals in West Africa
DOJ, Microsoft seize more than 100 domains used by the FSB
Further Evil Corp cyber criminals exposed, one unmasked as LockBit affiliate - National Crime Agency
How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death
Apple fixes password-blurting VoiceOver bug
Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan
Rackspace systems hit by zero-day exploit of third-party app • The Register
Patch for Critical CUPS vulnerability: Don't Panic - SANS Internet Storm Center
Dutch Police: ‘State actor’ likely behind recent data breach
A Measure of Motive: How Attackers Weaponize Digital Analytics Tools | Google Cloud Blog
Over 300,000! GorillaBot: The New King of DDoS Attacks
US senator targeted by deepfake caller posing as Ukrainian diplomat | US politics | The Guardian
Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates
Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs - JPCERT/CC Eyes
Agence France-Presse says cyberattack targeted IT systems
Crucial Texas hospital system turning ambulances away after ransomware attack
LockBit power cut: four new arrests and financial sanctions against affiliates | Europol
Critical flaw in NVIDIA Container Toolkit allows full host takeover
Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
Banks: Zurich asset manager hit by massive hacker attack
Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments | Wiz Blog
Hacker behind Snowflake customer data breaches remains active
Hacking Kia: Remotely Controlling Cars With Just a License Plate
Meta fined $102 million for storing passwords in plain text
10 security bugs put fuel storage tanks at risk of attacks
NIST proposes barring some of the most nonsensical password rules
China-linked APT group Salt Typhoon compromised some US ISPs
Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam
Rhadamanthys Stealer v0.7.0: A Rising Threat in the Cybercrime Ecosystem
Hacker plants false memories in ChatGPT to steal user data in perpetuity
Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report
Behind the CAPTCHA: A Clever Gateway of Malware
Informatique: l’Etat de Vaud victime d’attaques «très virulentes»
Critical Ivanti vTM auth bypass bug now exploited in attacks
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware
US intelligence agencies confirm Russia is pushing fake videos of Kamala Harris
Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
Telegram Changes Policy, Says It Will Provide User Data to Authorities
Rental Car Vendor's Security Flaw Exposed Damage Claims Reports
China urges netizens to be vigilant against Taiwanese cyberattacks
Microsoft ends development of Windows Server Update Services (WSUS)
Criminal phishing network resulting in over 480 000 victims worldwide busted in Spain and Latin America | Europol
GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10
Enterprise ServiceNow Knowledge Bases at Risk
Thousands of orgs at risk of ServiceNow KB data leaks
New Criminal Complaint Over Pegasus Spyware Hacking of journalists and activists in the UK
Is Tor still safe to use?
New macOS malware HZ RAT lets attackers control Macs remotely
Clever 'GitHub Scanner' campaign abusing repos to push malware
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution
Australian police infiltrate encrypted messaging app Ghost and arrest dozens
Europol takes down "Ghost" encrypted messaging platform used for crime
Police Hack Into ‘Ghost’, An Encrypted Platform for Criminals
Mastercard invests in continued defense of global digital economy with acquisition of Recorded Future
Port of Seattle refuses to pay Rhysida ransom, warns of data leak
How Lazarus Group laundered $200M from 25+ crypto hacks to fiat …
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader
Qilin ransomware attack on Synnovis impacted over 900K patients
Microsoft working on OS update to prevent another IT outage
Hadooken Malware Targets Weblogic Applications
Apple is well on its way to making iPhones theft-proof
SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance
German radio station forced to broadcast 'emergency tape' following cyberattack
23andMe Agrees To $30 Million Settlement For Last Year's Data Breach
Scammers advertise fake AppleCare+ service via GitHub repos
UK arrests teen linked to Transport for London cyber attack
Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media
Ils réclament 3 millions à la Banque cantonale de Zurich: 4 jeunes arrêtés
Chinese APT Abuses VSCode to Target Government in Asia
In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
Data centres as vital as NHS and power grid, government says
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – Horizon3.ai
TfL confirms 5,000 customers' bank data exposed
Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers
Fortinet suffers third-party data breach affecting Asia-Pacific customers - Cyber Daily
Europe’s privacy watchdog probes Google over data used for AI training
Telegram: 'The dark web in your pocket'
Enquête ESET : le cybergang CosmicBeetle cible des entreprises françaises et devient affilié de RansomHub | UnderNews
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
A glimpse into the Quad7 operators' next moves and associated botnets
Tracking Ransomware - August 2024 - CYFIRMA
Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts
Critical SonicWall SSLVPN bug exploited in ransomware attacks
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Sextortion scams now use your "cheating" spouse’s name as a lure
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition
Une faille dans le HDMI permet de voler des mots de passe et des informations sensibles
Progress LoadMaster vulnerable to 10/10 severity RCE flaw
Free Russia Foundation to investigate data breach after internal documents published online — Novaya Gazeta Europe
Swiss found to be gullible regarding fake news
Predator Spyware Infrastructure Resurfaces Post-Sanctions – What You Need to Know
D-Link says it is not fixing four RCE flaws in DIR-846W routers
U.S. charges five Russian military members for destructive cyber ops, hack-and-leak campaigns | CyberScoop
Obfuscated PowerShell leads to Lumma C2 Stealer
Online AI Mental Health and Addiction Treatment Provider Exposed Patient Data
Quarante pourcents de la population se tourne vers l'IA
U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown
Lowe's employees phished via Google ads | Malwarebytes
Unpacking the unpleasant FIN7 gift: PackXOR
Veeam warns of critical RCE flaw in Backup & Replication software
Researchers Unpacked AvNeutralizer EDR Killer Used By FIN7 Group
Critical Account Takeover in LiteSpeed Cache Plugin
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
Cisco warns of backdoor admin account in Smart Licensing Utility
Police Ombudsman sorry for ‘distressing’ data leak as investigation is launched
Making progress on routing security: the new White House roadmap
RPKI ROV Deployment Reaches Major Milestone
Dutch regulator slaps Clearview AI with $33 million fine, threatens executive liability - The Verge
Transport for London faces 'ongoing cyber security incident'
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail
North Korean threat actor Citrine Sleet exploiting Chromium zero-day
Admins of MFA bypass service plead guilty to fraud
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant
Fake Google Authenticator Website Installs Malware
Cicada 3301 - Ransomware-as-a-Service - Technical Analysis
Docker-OSX image used for security research hit by Apple DMCA takedown
Germany's Sovereign Tech Fund Puts Over $750K Into FreeBSD Infrastructure Projects
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises
Dutch cabinet bans phones in meetings over espionage fears
Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
HZ Rat backdoor for macOS harvests data from WeChat and DingTalk
Telegram CEO’s brother also wanted by French authorities
Unprecedented 3.15 Billion Packet Rate DDoS Attack Mitigated by Global Secure Layer
Threat Actors Retaliate After Durov’s Arrest
Après l’arrestation de Pavel Durov, une vague de cyberattaques cible la France
Paris court explains why it's arrested Telegram founder, Pavel Durov
Malicious Plugin
WordPress Websites Used to Distribute ClearFake Trojan Malware
Is Telegram really an encrypted messaging app? – A Few Thoughts on Cryptographic Engineering
Telegram says CEO has ‘nothing to hide’ after being arrested in France
The gift that keeps on giving: A new opportunistic Log4j campaign
BlackSuit Ransomware
OpenSSH Backdoors
Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules
Cyberattaque contre Swisscom: L'attaque DDos repoussée
TodoSwift Disguises Malware Download Behind Bitcoin PDF
Cthulhu Stealer malware aimed to take macOS user data
From the Depths: Analyzing the Cthulhu Stealer Malware for macOS
FIN7: The Truth Doesn't Need to be so STARK
Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research
Qilin ransomware caught stealing credentials stored in Google Chrome
Touché par un ransomware, Schlatter Industries a relancé ses systèmes (update) | ICTjournal
NGate Android malware relays NFC traffic to steal cash
No one’s ready for this
Windows 0-day was exploited by North Korea to install advanced rootkit
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
Iran Reportedly Grapples With Major Cyberattack on Banking Systems
Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files To Target 110,000 Domains
Chipmaker Microchip reveals cyber attack
MITRE Marks Major Milestone, Minting 400 CNAs as NVD Backlog Grows - Socket
The Abuse of ITarian RMM by Dolphin Loader
Toyota confirms breach after stolen data leaks on hacking forum
Routers from China-based TP-Link a national security threat, US lawmakers claim
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
Windows driver zero-day exploited by Lazarus hackers to install rootkit
stardom dreams, stalking devices and the secret conglomerate selling both
Beyond the wail: deconstructing the BANSHEE infostealer
DDoS attack volume rises, peak power reaches 1.7 Tbps
Geopolitical Tensions Drive Explosion in DDoS Attacks
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
Zabbix Server Vulnerability Lets Attacker Execute Arbitrary Code
Ransomware attackers introduce new EDR killer to their arsenal
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
Doppelgänger operation rushes to secure itself amid ongoing detections, German agency says
White House working on cyber insurance policy proposal for ‘catastrophic’ incidents
Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments
The Hidden Treasures of Crash Reports
Troy Hunt: Inside the "3 Billion People" National Public Data Breach
Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters | WIRED
Inside the FBI's Dashboard for Wiretapping the World
Extension Trojan Malware Campaign
Russia-linked phishing campaigns ensnare civil society and NGOs
Critical SAP flaw allows remote attackers to bypass authentication
CVE-2024-39825 and CVE-2024-39818: High-Risk Zoom Flaws Require Urgent Updates
CVE-2024-23897 Enabled Ransomware Attack on Indian Banks
Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers
Suspected head of prolific cybercrime groups arrested and extradited - National Crime Agency
Compromising Microsoft's AI Healthcare Chatbot Service
Don’t get Mad, get wise
Exploiting pfsense Remote Code Execution – CVE-2022-31814
NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
Technical Exploits of HID's iClass SE Discovered, To Be Revealed at DEF CON 32
Feds seize Radar/Dispossessor ransomware gang servers in US and Europe
CrowdStrike Exec Shows Up to Accept 'Most Epic Fail' Award in Person
Ongoing Social Engineering Campaign Refreshes Payloads
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog
Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms
A Dive into Earth Baku’s Latest Campaign
Hackers leak 2.7 billion data records with Social Security numbers
Iran Targeting 2024 US Election
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
How a cybersecurity researcher befriended, then doxed, the leader of LockBit
AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' | Tom's Hardware
‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
From Limited file read to full access on Jenkins (CVE-2024-23897)
How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards
Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn | U.S. Department of the Treasury
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive
Open letter to UK online service providers
INTERPOL recovers over $40 million stolen in a BEC attack
Critical Vulnerability in Apache OFBiz Requires Immediate Patching - Infosecurity Magazine
CrowdStrike says it isn't to blame for Delta's flight cancellations after July outage
Hackers breached MDM firm Mobile Guardian and wiped thousands of devices
Cybersécurité : le Grand Palais et plusieurs musées dont le Louvre victimes d’une attaque par rançongiciel
Threat Actors Capitalize On ServiceNow Vulnerability
Ransomware gang targets IT workers with new SharpRhino malware
Google fixes Android kernel zero-day exploited in targeted attacks
China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates
Surge in Magniber ransomware attacks impact home users worldwide
Russia-linked operations target Paris 2024 Olympics
Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware
Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and…
Black Basta ransomware switches to more evasive custom malware
UNC4393 Goes Gently into the SILENTNIGHT
Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova
How the theft of 40M UK voter register records was entirely preventable
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
Mozilla follows Google in distrusting Entrust’s TLS certs • The Register
Turkey blocks access to Instagram – POLITICO
Who are the two major hackers Russia just received in a prisoner swap?
Nouvelles vagues de vandalisme sur les fibres optiques : Internet perturbé en France - Next
Swiss stock exchange halts trading due to technolgy issues
'Error' in Microsoft's DDoS defenses amplified Azure outage
IBM: Cost of a breach reaches nearly $5 million, with healthcare being hit the hardest
Cyberattack hits blood-donation nonprofit OneBlood
Microsoft says massive Azure outage was caused by DDoS attack
Google ads push fake Google Authenticator site installing malware
La Bourse suisse interrompt ses transactions pendant plusieurs heures
New Mandrake Android spyware version discovered on Google Play | Securelist
French fiber optic cables hit by ‘major sabotage’ in second Olympics attack
Hackers Exploited a PC Driving Sim to Pull Off Massive Disney Data Breach
Ferrari exec foils deepfake plot by asking a question only the CEO could answer
Websites are Blocking the Wrong AI Scrapers (Because AI Companies Keep Making New Ones)
CrowdStrike's Impact on Aviation
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog
TikTok Has a Nazi Problem
LummaC2 Malware Abusing the Game Platform 'Steam' - ASEC BLOG
Meta nukes massive Instagram sextortion network of 63,000 accounts
SwRI evaluates cybersecurity risks associated with EV fast-charging equipment | Southwest Research Institute
Mid-year Doppelgänger information operations in Europe and the US
Malicious Python Package Targets macOS Developers
SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz Blog
Windows Security best practices for integrating and managing security tools
BreachForums v1 hacking forum data leak exposes members’ info
NCA infiltrates world's most prolific DDoS-for-hire service - National Crime Agency
NVD Analysis Report
Microsoft calls for Windows changes and resilience after CrowdStrike outage
BIND updates fix high-severity DoS bugs in the DNS software suite
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
Secure Boot is completely broken on 200+ models from 5 big device makers | Ars Technica
Six-day, 14.7 Million RPS Web DDoS Attack Campaign Attributed to SN_BLACKMETA
Stargazers Ghost Network
DDoS Attacks in Spain
Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit - Forbidden Stories
Switzerland now requires all government software to be open source
Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware
TuDoor
Intelligence Brief: Impact of FrostyGoop Modbus Malware on Connected OT Systems
Lviv neighbourhood left without heating, hot water by hacker attack
Ransomware ecosystem fragmenting under law enforcement pressure and distrust
CrowdStrike blames a test software bug for Windows wipeout
Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer
Ils soutirent 346'000 francs grâce à une arnaque WhatsApp
Exploiting CVE-2024-21412: A Stealer Campaign Unleashed
Solving the 7777 Botnet enigma: A cybersecurity quest
Telegram zero-day allowed sending malicious Android APKs as videos
Spanish police arrest three suspects linked to pro-Moscow NoName057(16) hackers
NCA infiltrates DDoS-for-hire site as suspected controller arrested in Northern Ireland
Arctic Wolf Labs has observed Fog ransomware being deployed against US organizations in the education and recreation sectors.
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)
dirDevil: Hiding Code and Content Within Folder…
Spanish Police Arrests NoName Hackers
Technical Details: Falcon Update for Windows Hosts
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Our Statement on Today's Outage
Teenage suspect in MGM Resorts hack arrested in Britain
Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock
Special Report: Massive Global IT Outages Triggered by Faulty CrowdStrike Update
APT41 Has Arisen From the DUST
Banks, airlines, brokerage houses report widespread outages across the globe
New hacker group uses open-source tools to spy on entities in Asia-Pacific region
Critical Cisco bug lets hackers add root users on SEG devices
Trello Data Breach: Hacker Dumps Personal Info of Millions of Users
INTERPOL operation strikes major blow against West African financial crime
NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI
Fake AWS Packages Ship Command and Control Malware In JPEG Files
FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks
MediSecure reveals about 12.9 million Australians had personal data stolen by hackers in April | Australia news | The Guardian
Germany to ban Chinese companies' components from core parts of its 5G networks | AP News
Iraq-based cybercriminals deploy malicious Python packages to steal data
ClickFix Deception: A Social Engineering Tactic to Deploy Malware
FBI Gains Access to Suspected Trump Shooter’s Password Locked Phone
Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
Kaspersky Lab Closing U.S. Division; Laying Off Workers
AT&T Paid a Hacker $370,000 to Delete Stolen Phone Record
Critical Exim bug bypasses security filters on 1.5 million mail servers
Doppelganger operation
Kematian-Stealer : A Deep Dive into a New Information Stealer
Persistent npm Campaign Shipping Trojanized jQuery
Distribution of AsyncRAT Disguised as Ebook
CloudSorcerer APT uses cloud services and GitHub as C2 | Securelist
Behind the Attack: Live Chat Phishing
How do cryptocurrency drainer phishing scams work?
Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112)
Chinese APT40 hackers hijack SOHO routers to launch attacks
New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere
CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
US Disrupts Russian Bots Spreading Propaganda on Twitter
EDR as an Offensive Tool
Decrypted: DoNex Ransomware and its Predecessors
South African pathology labs down after ransomware attack
New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data
Russia forces Apple to remove VPN apps from the App Store
Supply Chain Compromise Leads to Trojanized Installers | Rapid7 Blog
Indian Software Firm's Products Hacked to Spread Data-Stealing Malware
Formula 1 governing body discloses data breach after email hacks
'Welcome to Londonistan': the Great Replacement theory gone visual ahead of the U.K. election
Il silenzio di Synlab sul furto e la diffusione di migliaia di dati sanitari - Il Post
How scam networks use fake celebrity ads to lure online investors
The Rise of Packet Rate Attacks: When Core Routers Turn Evil
RoguePuppet – A Critical Puppet Forge Supply Chain Vulnerability
Europol coordinates global action against criminal abuse of Cobalt Strike
Sonar
OpenAI’s ChatGPT Mac app was storing conversations in plain text
Twilio says hackers identified cell phone numbers of two-factor app Authy users
Europol coordinates global action against criminal abuse of Cobalt Strike | Europol
CVE-2024-29510 - Exploiting Ghostscript using format strings
Poland to probe Russia-linked cyberattack on state news agency
Cisco NX-OS Command Injection Vulnerability CVE-2024-20399: Insights and Defense Strategies
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
TeamViewer: Hackers copied employee directory data and encrypted passwords
Analysis of the Phishing Campaign: Behind the Incident
Startups scramble to assess fallout from Evolve Bank data breach
Cisco warns of NX-OS zero-day exploited to deploy custom malware
Polyfill, Cloudflare trade barbs after reports of supply chain attack threatening 100k websites
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
Meet Brain Cipher — The new ransomware behind Indonesia's data center attack
New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities
New Medusa malware variants target Android users in seven countries
Polyfill claims it has been 'defamed', returns after domain shut down
LockBit lied: Stolen data is from a bank, not US Federal Reserve
Hubspot says it's investigating customer account hacks | TechCrunch
Critical GitLab bug lets attackers run pipelines as any user
South Korean telecom company attacks torrent users with malware — over 600,000 customers report missing files, strange folders, and disabled PCs
Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application
From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer
New P2Pinfect version delivers miners and ransomware on Redis servers
Progress Software elevates severity of new MOVEit bug to ‘critical’ as exploit attempts jump
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
US accuses Russian of helping Kremlin hack Ukraine’s state computer systems
Chinese Cyberspies Employ Ransomware in Attacks for Diversion
ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
The inside view of spyware’s 'dirty interference,' from two recent Pegasus victims
CDK Begins Restoring Systems Amid Ransomware Payment Reports
Neiman Marcus says 64,000 affected by breach of Snowflake customer account
South Africa’s national health lab hit with ransomware attack amid mpox outbreak
GrimResource - Microsoft Management Console for initial access and evasion
Stop Using cdn.polyfill.io Now
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
CISA confirms hackers may have accessed data from chemical facilities during January incident
New attack uses MSC files and Windows XSS flaw to breach networks
Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032)
Malvertising Campaign Leads to Execution of Oyster Backdoor
RansomHub Draws in Affiliates with Multi-OS Capability and High Commission Rates
XZ backdoor behavior inside OpenSSH
More than 12,000 Santander employees in US affected by Snowflake breach
Facebook PrestaShop module exploited to steal credit cards
Rafel RAT, Android Malware from Espionage to Ransomware Operations
Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
UK government weighs action against Russian hackers over NHS records theft
Threat Actor Claims AMD and Apple Breaches
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Russian spies' hacking campaign is 'endangering' French diplomatic interests
US bans sale of Kaspersky software citing security risk from Russia
Attacco Informatico all'ASST Rhodense: Cicada3301 pubblica 1 TB di Dati Sensibili liberamente scaricabili
Aggiornamento attacco hacker 2024 - Croce Rossa Italiana
Zero-Click Critical Microsoft Outlook Vulnerability. What You Need to Know.
SolarMarker Impersonates Job Employment Website, Indeed,…
All households in Scottish region to get alert about hackers publishing stolen medical data
UNC3944 Targets SaaS Applications
Comment une nébuleuse, "The Comm", a engendré l’un des gangs les plus craints du moment, Scattered Spider
Security bug allows anyone to spoof Microsoft employee emails
Suspected 'Scattered Spider' hacker, 22, reportedly arrested in Spain
New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now
Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake
Microsoft Refused to Fix Flaw Years Before SolarWinds Hack
New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems
Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers
Black Basta ransomware gang linked to Windows zero-day attacks
The mystery of an alleged data broker’s data breach
New York Times warns freelancers of GitHub repo data breach
Former head of NSA joins OpenAI board
Microsoft fixes hack-me-via-Wi-Fi Windows security hole • The Register
Breaking: Meta halts AI rollout in Europe after ‘request’ from Irish data protection authorities
Major takedown of critical online infrastructure to disrupt terrorist communications and propaganda | Europol
Here’s what to know about Adobe’s Terms of Use updates
Ukrainian cyber specialists attack Russian airports, several flights delayed - source
Evolution of KILLNET from Hacktivism to Private Hackers Company and the Role of Sub-groups
Multiple flaws in Fortinet FortiOS fixed
Hacker Accesses Internal ‘Tile’ Tool That Provides Location Data to Cops
You’ve Got Mail: Critical Microsoft Outlook Vulnerability Executes as Email is Opened
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment – The DFIR Report
The New York Times source code leaked by a 4chan user
CVE-2024-4577 RCE in PHP CGI: Everything you need to know | Wiz Blog
Bypassing Veeam Authentication CVE-2024-29849
Switzerland notes increase in cyberattacks ahead of Ukraine peace summit
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
Urgent call for O-type blood donations following London hospitals ransomware attack
Mandiant says hackers stole a 'significant volume of data' from Snowflake customers
Apple’s AI promise: “Your data is never stored or made accessible to Apple”
Festung Bürgenstock: Diese Gefahren drohen rund um die Friedenskonferenz
La SSR sur ses gardes face à l'éventualité de cyberattaques pendant le sommet du Bürgenstock
Malicious VSCode extensions with millions of installs discovered
Russia-linked 'Lumma' crypto stealer now targets Python devs
Menace Unleashed: Excel File Deploys Cobalt Strike at Ukraine | Fortinet Blog
Microsoft hit with EU privacy complaints over schools' use of 365 Education suite
Major London hospitals disrupted by Synnovis ransomware attack
Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks
Revealed: Russian legal foundation linked to Kremlin activities in Europe | Russia | The Guardian
The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever
Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability
No Way, PHP Strikes Again! (CVE-2024-4577)
Operation Crimson Palace: A Technical Deep Dive – Sophos News
Europe's cybersecurity chief says disruptive attacks have doubled in 2024, sees Russia behind many
Vulnerability in Cisco Webex cloud service exposed government authorities, companies
Cyberattack on telecom giant Frontier claimed by RansomHub
Ransomware attack hits major London hospitals
Analysts join the call for Microsoft to recall Recall
Un prestataire externe de la Ville d'Yverdon-les-Bains victime d'une cyberattaque
PikaBot: a Guide to its Deep Secrets and Operations - Sekoia.io Blog
TikTok fails 'disinformation test' before EU vote, study shows
Live Nation confirms Ticketmaster breach after hackers hawk stolen info of 560 million
Crooks threaten to leak 2.9B records of personal info
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Telegram Combolists and 361M Email Addresses
Google Leak Reveals Thousands of Privacy Incidents
Molding lies into reality || Exploiting CVE-2024-4358
Cyber house of cards – Politicians’ personal details exposed online
Ticketmaster confirms massive breach after stolen data for sale online
Shalev Hulio Made Pegasus Spyware, Now He’s King of Israeli AI
Hackers phish finance orgs using trojanized Minesweeper clone
Space secrets security update
Ticketmaster confirms data breach with a SEC filing
Hacker Releases Jailbroken "Godmode" Version of ChatGPT
Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
Spyware maker pcTattletale says it's 'out of business' and shuts down after data breach | TechCrunch
Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware
Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins
OpenAI finds Russian, Chinese propaganda campaigns used its tech
The Pumpkin Eclipse
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
Data breach exposes details of 25,000 current and former BBC employees
Check Point - Wrong Check Point (CVE-2024-24919)
An Anonymous Source Shared Thousands of Leaked Google Search API Documents with Me; Everyone in SEO Should See Them
macOS version of elusive 'LightSpy' spyware tool discovered
Operators of 911 S5 residential proxy service subjected to US sanctions
PoC Exploit Released For macOS Privilege Escalation Vulnerability
Troy Hunt: Operation Endgame
Largest ever operation against botnets hits dropper malware ecosystem | Europol
Cybercriminals pose as "helpful" Stack Overflow users to push malware
How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet | WIRED
TeamCity Major Bug-Fix Release for All Versions: Update Your Server Now | The TeamCity Blog
From Origins to Operations: Understanding Black Basta Ransomware
CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive
Pegasus in Rwanda: Sister of presidential candidate, high-ranking Rwandan politicians added to spyware list
Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling
Cyber Signals: Inside the growing risk of gift card fraud
Pwn2Own Toronto 2022 : A 9-year-old bug in MikroTik RouterOS
Exploiting the Cloud: How SMS Scammers are using Amazon, Google and IBM Cloud Services to Steal Customer Data
New ShrinkLocker ransomware uses BitLocker to encrypt your files
Foxit PDF “Flawed Design” Exploitation
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs
Putin hijacked Austria’s spy service. Now he's going after its government
Hacker defaces spyware app’s site, dumps database and source code
Malicious PyPI packages targeting highly specific MacOS machines
How Apple Wi-Fi Positioning System can be abused to track people around the globe
A root-server at the Internet’s core lost touch with its peers. We still don’t know why.
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog
Criminal record database of millions of Americans dumped online
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
Così le autorità sono arrivate Dmitry Yuryevich Khoroshev, il leader di LockBit
'Got that boomer!': How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch
QNAPping At The Wheel (CVE-2024-27130 and friends)
Exclusive: Flutterwave loses ₦11 billion in security breach
Arup revealed as victim of $25 million deepfake scam involving Hong Kong employee | CNN Business
Microsoft will require MFA for all Azure users
Cybercriminals Exploit Docusign With Customizable Phishing Templates
Russian hackers use new Lunar malware to breach a European govt's agencies
To the Moon and back(doors): Lunar landing in diplomatic missions
Log4j Exploited by XMRig Cryptominer Malware: Analysis & Mitigation
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
Cyber Official Speaks Out, Reveals Mobile Network Attacks in U.S.
Popular Cyber Crime Forum Breach Forums Seized by Police
An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative
Investigation into Helsinki Education Division data breach proceeds | City of Helsinki
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
Leveraging DNS Tunneling for Tracking and Scanning
2023 Kaspersky Incident Response report
Malicious Go Binary Delivered via Steganography in PyPI
Ongoing Malvertising Campaign leads to Ransomware
Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR
My life as a Chinese spy: Secret police agent tells all - ABC News
Stolen children’s health records posted online in extortion bid
Europol confirms web portal breach, says no operational data stolen
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw
Chi sono gli operatori telefonici sfruttati dall’azienda italiana di sorveglianza Carro
Un logiciel russe utilisé par Fedpol et Armasuisse suscite des inquiétudes sécuritaires
Big Vulnerabilities in Next-Gen BIG-IP
Zscaler takes "test environment" offline after rumors of a breach
Chinese network behind one of world’s ‘largest online scams’
UK confirms Ministry of Defence payroll data exposed in data breach
What we learned from the indictment of LockBit’s mastermind
Une faille informatique grave a fragilisé l’armée allemande
Proton Mail Discloses User Data Leading to Arrest in Spain
POLITICO Europe
CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
Neuf parlementaires suisses visés par une cyberattaque attribuée à la Chine - rts.ch - Suisse
These Dangerous Scammers Don’t Even Bother to Hide Their Crimes
Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia |
Watch out for tech support scams lurking in sponsored search results
Gird your loins, there’s a new pre-auth RCE in Ivanti boxes landing
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Google shares update on passkeys and new ways to protect accounts
Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online
Analysis of TargetCompany's Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
New “Goldoon” Botnet Targeting D-Link Devices
Operation PANDORA shuts down 12 phone fraud call centres
Op Pandora puts suspected phone fraudsters back in the box
Eight Arms to Hold You: The Cuttlefish Malware
Hacker free-for-all fights for control of home and office routers everywhere
macOS Adload | Prolific Adware Pivots Just Days After Apple’s XProtect Clampdown
French hospital CHC-SV refuses to pay LockBit extortion demand
Microsoft needs to win back trust
Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams
Baltic countries blame Russia for GPS jamming of commercial flights
Vastaamo hack: Therapy notes hacker jailed for blackmail
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Pourquoi les CFF sont la cible favorite des hackers russes
Global attacker median dwell time continues to fall
The walls of Apple’s garden are tumbling down
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Okta warns of "unprecedented" credential stuffing attacks on customers
PS4/PS5: TheFloW discloses Kernel vulnerability relying on old bug from 2006, impacts PS4 up to 11.00 & PS5 up to 8.20, more details in May
Chinese Keyboard App Vulnerabilities Explained
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
Unplugging PlugX: Sinkholing the PlugX USB worm botnet
France seeks new EU sanctions to target Russian disinformation
'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks
LOCKBIT Black's Legacy: Unraveling The DragonForce Ransomware Connection - Cyble
Kapeka: A novel backdoor spotted in Eastern Europe
GreyNoise Labs - Decrypting FortiOS 7.0.x
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Avast Threat Labs
How a Massive Hack of Psychotherapy Records Revealed a Nation’s Secrets
CVE-2024-20356: a Cisco appliance to run DOOM
DDoS platform shut down by international law enforcement agencies
Le système informatique de Volkswagen gravement piraté en 2015, probablement par des cyber-espions chinois
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Le groupe Swisspro victime d'une attaque par ransomware
Unauthenticated function injection vulnerability in WordPress Shortcode Addons plugin (unpatched). – NinTechNet
L'hôpital de Cannes victime d'une cyberattaque, les opérations non urgentes reportées
‘Large volume’ of data stolen from UN agency after ransomware attack
MITRE says state hackers breached its network via Ivanti zero-days
LastPass Users Lose Master Passwords to Ultra-Convincing Scam
Ransomware payments drop to record low of 28% in Q1 2024
‘The machine did it coldly’: Israel used AI to identify 37,000 Hamas targets
Hackers are threatening to leak World-Check, a huge sanctions and financial crimes watchlist | TechCrunch
'Crude' ransomware tools proliferating on the dark web for cheap, researchers find
Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion
Cisco: Hacker breached multifactor authentication message provider on April 1
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
New Backdoor, MadMxShell
Idle GPUs Are the Devil's Workshop
Students turning to cyberfraud as huge phishing
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm
Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities | WIRED
Over 500 people targeted by Pegasus spyware in Poland, officials say
Ivanti warns of critical flaws in its Avalanche MDM solution
Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)
DDoS threat report for 2024 Q1
The US Government Has a Microsoft Problem
Change Healthcare stolen patient data leaked by ransomware gang
Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects
Leaked LockBit builder in a real-life incident response case | Securelist
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering | Proofpoint US
CISA: Email from federal agencies possibly accessed in Russian breach of Microsoft
Automating Pikabot’s String Deobfuscation
World-first “Cybercrime Index” ranks countries by cybercrime threat
Top Israeli spy chief exposes his true identity in online security lapse | Israel | The Guardian
Ransomware gang’s new extortion trick? Calling the front desk
Targus discloses cyberattack after hackers detected on file servers
Attempted Audio Deepfake Call Targets LastPass Employee
Roku says 576,000 user accounts hacked after second security incident
Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
Kaspersky analysis of the backdoor in XZ
Romania-linked ‘Rubycarp’ hackers look for cryptomining, phishing DDoS opportunities
Round 2: Change Healthcare Targeted in Second Ransomware Attack
Vulnerabilities Identified in LG WebOS
Security Advisory YSA-2024-01
PSG : le système de billetterie du club attaqué
Muddled Libra’s Evolution to the Cloud
SurveyLama, plateforme de sondages en ligne française, a subi une attaque exposant les données de plus de 4 millions d'utilisateurs
+92,000 Internet-facing D-Link NAS devices can be easily hacked
Price of zero-day exploits rises as companies harden products against hackers
Over 92,000 exposed D-Link NAS devices have a backdoor account
Bringing process injection into view(s): exploiting all macOS apps using nib files · Sector 7
Researchers Observed Visual Studio Code Extensions Steals
Qakbot Strikes Back: Understanding the Threat
Distinctive Campaign Evolution of Pikabot Malware
Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption
Ukraine gives award to foreign vigilantes for hacks on Russia
Kobold letters
Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks
IntelBroker Leaks Alleged National Security Data Tied to US Contractor Acuity Inc.
A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask
Ukrainian cybersecurity official reveals structure of Russian hacker groups
Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny
DJI Mavic 3 Drone Research: Vulnerability Analysis
Threat Actors Deliver Malware via YouTube Video Game Cracks
Microsoft could have prevented Chinese cloud email hack, US cyber report says
Enregistré à son insu, son entretien RH finit sur le darknet
The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
Google fixes two Pixel zero-day flaws exploited by forensics firms
Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost - Let's Encrypt
The Open Source Community is Building Cybersecurity Processes for CRA Compliance
OWASP Data Breach Notification
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
Facebook snooped on users’ Snapchat traffic in secret project, documents reveal | TechCrunch
La FFF, victime d'une attaque informatique, annonce le vol de données de certains de ses adhérents
What we know about the xz Utils backdoor that almost infected the world
Infostealers continue to pose threat to macOS users
Vulnerabilities Year-in-Review: 2023
Claro Company Hit by Trigona Ransomware
Check if you're vulnerable to CVE-2024-3094
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
Serious security breach hits EU police agency
Les clients Apple victimes de push bombing pour réinitialiser leur identifiant
AT&T confirms data for 73 million customers leaked on hacker forum
EU bans anonymous crypto payments to hosted wallets
Les attaques informatiques contre les ENT continuent dans le Nord ...
PHP Obfuscator with Backdoor
Easy privilege escalation exploit lands for Linux kernels
Urgent security alert for Fedora 41 and Fedora Rawhide users
Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
AI bots hallucinate software packages and devs download them
Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
PyPI halted new users and projects while it fended off supply-chain attack
Jeffrey Epstein's Island Visitors Exposed by Data Broker
Diving Deeper into AI Package Hallucinations
Lighter Ransomware Locks Users Out of System
Out of the shadows - ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services
Thousands of servers hacked in ongoing attack targeting Ray AI framework
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
Finland confirms APT31 hackers behind 2021 parliament breach
Google: Spyware vendors behind 50% of zero-days exploited in 2023
BlueSpy - Spying on Bluetooth conversations
New ZenHammer memory attack impacts AMD Zen CPUs
Why X86 Needs To Die
Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit
Over 170K users hit by poisoned Python package ruse
New Go loader pushes Rhadamanthys stealer
APT29 Uses WINELOADER to Target German Political Parties | Mandiant
L’Active Directory et l’exposition Internet au programme du plan de sécurisation des hôpitaux
IMF Investigates Cyber-Security Incident
Change Healthcare ransomware attack disrupting industry nationwide
Darknet marketplace Nemesis Market seized by German police
Large-Scale StrelaStealer Campaign in Early 2024
Google Online Security Blog: Vulnerability Reward Program: 2023 Year in Review
The iSOON Disclosure: Exploring the Integrated Operations Platform
Ransomware Recruitment Efforts Following Law Enforcement Disruption
Apple Sued for Prioritizing Market Dominance Over Security
OpenAI's chatbot store is filling up with spam
Exploit released for Fortinet RCE bug used in attacks, patch now
Unpatchable vulnerability in Apple chip leaks secret encryption keys
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds | WIRED
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season
Managing Attack Surface | Huntress Blog
The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog
Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
Ivanti fixes critical Standalone Sentry bug reported by NATO
AceCryptor malware has surged in Europe, researchers say
Microsoft Copilot for Security: General Availability details
Loop DoS: New Denial-of-Service attack targets application-layer protocols
Top 5 Russian-Speaking Dark Web Forums
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Misconfigured Firebase instances leaked 19 million plaintext passwords
New Attack Techniques Bypassing ML Security
Finland, Germany, Ireland, Japan, Poland, South Korea added to US-led spyware agreement
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Researchers spot updated version of malware that hit Viasat
IT helpdeskers increasingly targeted by cybercriminals
Elon Musk's SpaceX builds spy satellite network for U.S. intelligence
'GhostRace' Speculative Execution Attack Impacts All CPU, OS Vendors
National Vulnerability Database: Opaque changes and unanswered questions
Why hackers are targeting young public school students
Linux Foundation Launches Tazama: A Revolutionary Open Source Solution for Real-Time Fraud Management
Microsoft publie son outil interne de test de sécu d'IA générative
Exclusive: After LockBit’s takedown, its purported leader vows to hack on
Google Chrome gets real-time phishing protection later this month
The Architects of Evasion: a Crypters Threat Landscape
DarkGate Opens Organizations for Attack via Skype, Teams
Salt Labs research finds security flaws within ChatGPT Ecosystem (Remediated)
Researchers found multiple flaws in ChatGPT plugins
Secret Backdoor Codes in Safe Locks
GhostSec’s joint ransomware operation and evolution of their arsenal
World’s first major act to regulate AI passed by European lawmakers
LockBit ransomware affiliate gets four years in jail, to pay $860k
JetBrains vulnerability exploitation highlights debate over 'silent patching'
Plusieurs ministères visés par des attaques informatiques depuis dimanche, annonce Matignon
La Commission se félicite de l'accord politique obtenu sur le règlement relatif à la cybersolidarité
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
CISA forced to take two systems offline last month after Ivanti compromise
Russian spies keep hacking into Microsoft in 'ongoing attack,' company says
Switzerland: Play ransomware leaked 65,000 government documents
Flipper Zero WiFi phishing attack can unlock and steal Tesla cars
The Anatomy of an ALPHA SPIDER Ransomware Attack
Microsoft AI engineer says Copilot Designer creates disturbing images
US sanctions founder of spyware maker Intellexa for targeting Americans | TechCrunch
Duvel says it has "more than enough" beer after ransomware attack
Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO
ACEMAGIC Addresses Virus Incident: Proactive Measures and Solutions
RATs Distributed Through Skype, Zoom, & Google Meet Lures
Rapid7 flames JetBrains over vulnerability disclosure
BlackCat ransomware shuts down in exit scam, blames the "feds"
Ukraine Claims it Hacked Russian MoD - Infosecurity Magazine
CVE-2024-21762 Vulnerability Scanner for FortiGate…
How AMOS macOS Stealer Avoids Detection
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
Police seized Crimemarket, the largest German-speaking cybercrime marketplace
BlackCat ransomware turns off servers amid claim they stole $22 million ransom
Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment
Russia’s chief propagandist leaks intercepted German military Webex conversation
Ubiquiti owners warned Moscow may build another botnet • The Register
ALPHV/BlackCat hits healthcare after retaliation threat, FBI says
Popular video doorbells can be easily hijacked, researchers find
US prescription market hamstrung for 9 days (so far) by ransomware attack | Ars Technica
Russia publishes German army meeting on Ukraine
NoName057(16) DDoSia project: 2024 updates and behavioural shifts
Here Come the AI Worms
GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica
CISA cautions against using hacked Ivanti VPN gateways even after factory resets
Failles d’Ivanti : une centaine d’organisations victimes en France
The Predator spyware ecosystem is not dead
DNS Used to Hide Fake Investment Platform Schemes | Infoblox
BlackCat Ransomware Affiliate TTPs
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
Google CEO Sundar Pichai calls AI tool’s responses ‘completely unacceptable’
Paris 2024 : vol d'un ordinateur et de clés USB contenant des plans de sécurisation des JO
Civil society complaint raises concern that LinkedIn is violating DSA ad targeting restrictions
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
Chatbots qui «hallucinent» et trompent les clients: quelle responsabilité légale? | ICTjournal
PIKABOT, I choose you!
SEO Poisoning to Domain Control: The Gootloader Saga Continues
LockBit ransomware returns, restores servers after police disruption
U.S. and U.K. Disrupt LockBit Ransomware Variant | United States Department of Justice
How your sensitive data can be sold after a data broker goes bankrupt
Ransomware Operation LockBit Reestablishes Dark Web Leak Site
Hackers Leak 2.5M Private Plane Owners' Data Linked to LA Intl. Airport Breach
Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data
Jamf says 9% of smartphone have fallen for phishing attacks
ChatGPT «devient fou», OpenAI s’explique
Multiple XSS flaws in Joomla can lead to remote code execution
Scattered Spider laying new eggs
Suisse: Le Team a été hackée, ce qu'on sait sur le ransomware
Internet Society veut empêcher Microsoft d'héberger les données de santé des Français
ConnectWise ScreenConnect: Authentication Bypass Deep Dive
A first analysis of the i-Soon data leak
Apple iOS 17.4: iMessage Gets Post-Quantum Encryption in New Update
European Parliament finds spyware on defense committee members’ phones
Anatsa Banking Trojan Resurfaces, Targets European Banks
Plus de 2000 serveurs Exchange suisses vulnérables à une faille
Police arrests LockBit ransomware members, release decryptor in global crackdown
Law enforcement disrupt world’s biggest ransomware operation
Cactus ransomware claim to steal 1.5TB of Schneider Electric data
Ransomware Experts See Problems With Banning Ransom Payments
LockBit ransomware gang disrupted by international law enforcement operation
Several Ukrainian media outlets attacked by Russian hackers
LockBit ransomware disrupted by global police operation
ESET fixed high-severity local privilege escalation bug in Windows products
Poland's PM says authorities in the previous government widely and illegally used Pegasus spyware | AP News
Cyberattaque : le Centre Hospitalier d’Armentières communique
Air Canada must honor refund policy invented by airline’s chatbot
Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Google launches AI Cyber Defense Initiative to improve security infrastructure
New ‘Magic’ Gmail Security Uses AI And Is Here Now, Google Says
BMW security lapse exposed sensitive company information, researcher finds
Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors
Spyware startup Variston is losing staff — some say it’s closing
Ukrainian national pleads guilty for roles in Zeus, IcedID malware operations
Threat Intel Accelerates Detection & Response
Disrupting malicious uses of AI by state-affiliated threat actors
Patch Tuesday - February 2024
Imposer aux messageries de donner leurs clés pour déchiffrer les messages est illégal, estime la CEDH
Denmark orders schools to stop sending student data to Google
The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture
Zoom fixed critical flaw CVE-2024-24691 in Windows software
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
Portal Kombat : un réseau structuré et coordonné de propagande prorusse
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments
New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
EU capitals fear Russian retaliation and cyberattacks after asset freezes
Fake LastPass App Sneaks Past Apple's Review Team
KV-Botnet: Don’t call it a Comeback - Lumen
Vaud: le canton rompt un contrat à 6 millions avec Xplain
New RustDoor macOS malware impersonates Visual Studio update
World Govs, Tech Giants Sign Spyware Responsibility Pledge
Hyundai Motor Europe hit by Black Basta ransomware attack
Reward Offers for Information to Bring Hive Ransomware Variant Co-Conspirators To Justice - United States Department of State
Ivanti: Patch new Connect Secure auth bypass bug immediately
Raspberry Pi Pico cracks BitLocker in under a minute
Ransomware Hit $1 Billion in 2023
Security Researcher Allegedly Hacked Apple’s Backend, Scammed $2.5 Million
Thanksgiving 2023 security incident
Chinese hackers infect Dutch armed forces network with malware
Fingerprint photo led investigators to therapy centre hacking suspect
Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
Government hackers targeted iPhones owners with zero-days, Google says
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Datasport subi un vol de données: 900’000 Suisses concernés
45,000 Jenkins servers remain vulnerable to RCE attacks
Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’
Leaky Vessels flaws allow hackers to escape Docker, runc containers
Zyxel VPN Series Pre-auth Remote Command Execution
AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web
Investigation: Apparent Russian disinformation group posing as ex-president Poroshenko targets foreign fighters in Ukraine
AnyDesk says hackers breached its production servers, resets passwords
There Are Too Many Damn Honeypots
Here is Apple's official 'jailbroken' iPhone for security researchers | TechCrunch
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited'
DarkGate malware delivered via Microsoft Teams - detection and response
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
Binance Code and Internal Passwords Exposed on GitHub for Months
Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
Hundreds of network operators’ credentials found circulating in Dark Web
New Go-based Malware Loader Discovered I Arctic Wolf
How a mistakenly published password exposed Mercedes-Benz source code
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Trello API abused to link email addresses to 15 million accounts
NSA is buying Americans’ internet browsing records without a warrant
Researchers Say the Deepfake Biden Robocall Was Likely Made With Tools From AI Startup ElevenLabs
Russian developer of Trickbot malware sentenced to five years in prison
Midnight Blizzard: Guidance for responders on nation-state attack
23andMe data breach: Hackers stole raw genotype data, health reports
Inside a Global Phone Spy Tool Monitoring Billions
X is being flooded with graphic Taylor Swift AI images
HPE reveals Russian attackers accessed internal emails
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog
Info Stealing Packages Hidden in PyPI
Atlassian Confluence Server RCE attacks underway
178,000 SonicWall firewalls are vulnerable to old DoS bugs
Technology News Government News Get more insights with the Recorded Future Intelligence Cloud. Learn more. In alerting about two Citrix bugs, CISA recommends immediate attention for one
A backdoor with a cryptowallet stealer inside cracked macOS software
Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
Microsoft network breached through password-spraying by Russian-state hackers
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
Jamf Threat Labs Discovers Pirated macOS Apps Similar to ZuRu Malware
Ivanti Connect Secure VPN Exploitation: New Observations
Researcher uncovers one of the biggest password dumps in recent history
Why Join The Navy If You Can Be A Pirate?
A Victim of Mallox Ransomware: How Truesec CSIRT Fought Back
The Many Faces of Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
MacOS info-stealers quickly evolve to evade XProtect detection
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
NoName057(16) |
Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic
Ivanti Connect Secure VPN Exploitation Goes Global
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows
Chrome Users Now Worth 30% Less Money Thanks to Google's Cookie Killing, Ad Firm Says
Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887
Further analysis of Denmark attacks leads to warning about unpatched network gear
Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe
ShinyHunters member gets 3 years in prison for breaching 60 firms
Turkish hackers targeting database servers with Mimic ransomware
Anthropic researchers find that AI models can be trained to deceive
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
Hackers can infect network-connected wrenches to install ransomware
Cryptojacker arrested in Ukraine over EUR 1.8 million mining scheme
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware
Linux devices are under attack by a never-before-seen worm | Ars Technica
AirDrop 'Cracked' By Chinese Authorities to Identify Senders
Le service de renseignement suisse surveille aussi le trafic de données national
NSA official: hackers use AI bots like ChatGPT to perfect English
SEC Has Not Approved Bitcoin ETFs, but Its Hacked X Account Briefly Said Otherwise
Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police
Netgear, Hyundai latest X accounts hacked to push crypto drainers
Dutch man sabotaged Iranian nuclear program without Dutch government's knowledge: report
Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices
Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords
Analyzing DPRK's SpectralBlur
Ivanti warns critical EPM bug lets hackers hijack enrolled devices
Hackers hijack govt and business accounts on X for crypto scams
Hacker hijacks Orange Spain RIPE account to cause BGP havoc
The State of Ransomware in the U.S.: Report and Statistics 2023
Qualcomm chip vulnerability enables remote attack by voice call
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania
CVE-2023-46747 : Unauthenticated Remote Code Execution in F5 BIG-IP - Malware Analysis - Malware Analysis, News and Indicators
After ransomware claims, Xerox says subsidiary hit with cyberattack
Objective-See's Blog
Les autorités suisses disposeront de moyens renforcés | blue News
Slack Security Update