Trezor, a developer of hardware wallets for cryptocurrency, has reported a data breach. The attack occurred on January 17, 2024, when malefactors gained unauthorized access to a third-party technical support portal. While the investigation...
Cybersecurity researchers from Jamf Threat Labs have analyzed over 10,000 scripts utilized by the Parrot Traffic Direction System (TDS) and unearthed significant advancements in the optimization of these scripts. These enhancements render the malicious...
Before the U.S. Securities and Exchange Commission’s (SEC) official announcement of the approval of a Bitcoin ETF, hackers hijacked the SEC’s official X/Twitter account and disseminated information regarding the ETF’s approval. Subsequently, the price...
Trellix, a cybersecurity firm, has unveiled a new sophisticated Java-based tool for information theft, employing a Discord bot to pilfer confidential data from compromised hosts. Named NS-STEALER, the malware disseminates via ZIP archives, masquerading...
Varonis, a cybersecurity firm, has unearthed a new vulnerability in Microsoft products, alongside several attack methodologies that allow malefactors to acquire users’ password hashes. Identified as CVE-2023-35636, this critical vulnerability affects the shared calendar...
According to researchers from Jamf Threat Labs, pirated applications for the macOS operating system distributed on Chinese websites are embedded with malicious software that grants attackers remote access to infected computers. Among these applications...
The Cybersecurity and Infrastructure Security Agency (CISA) of the United States has urgently issued a directive calling on Federal Civilian Executive Branch (FCEB) agencies to mitigate the effects of two actively exploited zero-day vulnerabilities in...
GitHub, a platform for programmers, is a popular tool among hackers, who use it to store and distribute malware. According to a recent report by Recorded Future, a cybersecurity company based in the United...
Trustwave has issued a warning regarding the notable surge in the exploitation of a patched vulnerability within Apache ActiveMQ, aimed at deploying the Godzilla web shell onto compromised hosts. The web shells, concealed in...
The cybercriminal group TA866, renowned for its phishing endeavors, has resumed its malevolent operations after a nine-month hiatus, according to cybersecurity firm Proofpoint. Recently, the hackers have launched a widespread campaign targeting users in...
A cybercriminal group linked to China, known as UNC3886, has clandestinely exploited a critical zero-day vulnerability in the VMware vCenter Server management system since late 2021. This revelation was disclosed in a recent report...
Kansas State University, a prominent public research institution offering 65 master’s and 45 doctoral programs, has encountered a significant cyber incident. The university, home to approximately 20,000 students and 1,400 academic staff, reported disruptions...
A new campaign targeting vulnerable Docker services is deploying the XMRig miner and the 9Hits application, enabling a dual monetization strategy on compromised hosts. This marks the first documented instance of the 9Hits application...
This week, Swiss websites encountered a series of Distributed Denial of Service (DDoS) attacks. According to the Swiss National Cybersecurity Centre (NCSC), these assaults temporarily disrupted access to several websites managed by the Federal...
In a recent report by Huntress, it was revealed that cybercriminals are once again employing TeamViewer, a legitimate remote access tool, for initial penetration into corporate devices and attempts to deploy ransomware. The first...
Two menacing new vulnerabilities, CVE-2023-44452 and CVE-2023-51698, have been unmasked within the Linux universe. This critical Remote Code Execution (RCE) flaw, discovered by security researcher Febin Mon Saji, targets unsuspecting users of popular Linux...