According to Group-IB, between January and October 2023, the darknet saw the sale of over 225,000 logs containing compromised user credentials for ChatGPT. These credentials were found in the logs of info-stealers such as...
Nepalese cybersecurity researcher Samip Aryal made history by identifying a vulnerability in Facebook’s password reset system that allowed a malefactor to seize any account without any action from the victim. Aryal’s discovery not only...
In the JetBrains TeamCity On-Premises software, two new security vulnerabilities were identified that could be exploited by malefactors to seize control over the affected systems. The vulnerabilities, assigned the identifiers CVE-2024-27198 with a CVSS...
Trend Micro recently unveiled a new wave of activity by the ransomware group RA World, also known as the RA Group. This group initiated its malicious operations in April 2023 and has, over its tenure,...
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has issued an advisory warning about the known attack methodologies and indicators of compromise utilized by the Phobos ransomware group. This guidance aims...
Insikt Group has identified a new infrastructure purportedly utilized by operators of the commercial spyware Predator in at least 11 countries. Through an examination of domains potentially employed for disseminating the software, experts pinpointed...
Researchers at Consumer Reports (CR) have uncovered vulnerabilities in video doorbells manufactured by China’s Eken Group Ltd. The company, which produces devices under the EKEN and Tuck brand names, distributes its products through major...
Chunghwa Telecom, Taiwan’s largest telecommunications company, recently suffered a cyberattack allegedly orchestrated by the Chinese government. This breach resulted in the theft of 1.7 TB of data, encompassing information about the island’s governmental structure....
The European retail chain Pepco was deceitfully coerced into transferring a substantial amount of funds to fraudsters through an intricate phishing attack, as disclosed in its official press release. The Hungarian division of Pepco...
In a groundbreaking study, a team of scientists has unveiled the creation of the first-of-its-kind malicious AI worm capable of autonomously spreading among generative AI agents, paving the way for potential data theft and...
Lookout has reported that the new phishing toolkit, CryptoChameleon, has become a tool for attacks against employees of the Federal Communications Commission (FCC), utilizing a counterfeit Okta authentication system. The campaign targets users and...
In Germany, the Düsseldorf police conducted a raid against Crimemarket, the largest German-speaking marketplace for illegal trade, which had amassed a community of over 180,000 users. The operation resulted in the arrest of six...
Researchers have unveiled a novel menace targeting telecommunications networks: the cunning Linux-based backdoor, GTPDOOR, exploiting GPRS protocol vulnerabilities to clandestinely monitor infected devices. This malevolent software, linked to the notorious hacking collective LightBasin previously...
Semperis has unveiled a novel attack technique named Silver SAML, capable of circumventing protection in identification systems. Silver SAML enables the utilization of SAML to initiate attacks from the identity provider’s side (such as...
Researchers at Apiiro investigated a widespread campaign of attacks on the GitHub platform using malicious repositories. The experts identified over 100,000 counterfeit repositories, mimicking popular open-source projects to disseminate malware. The number of such...
Two Chinese hacking factions, known as UNC5325 and UNC3886, breached the security systems of software developed by Ivanti, which is deployed for safeguarding Virtual Private Networks (VPN). Mandiant experts discovered that UNC5325 exploited a...
