Researchers from Trustwave have reported a steady increase in the use of a Phishing-as-a-Service (PhaaS) platform called Greatness, which targets the collection of Microsoft 365 user credentials. Greatness is marketed to other cybercriminals as...
Security experts from Malwarebytes have recently uncovered a malicious campaign targeting Chinese-speaking users, who fell victim to cybercriminals through the Google Ads advertising service. Cybercriminals exploited Google advertiser accounts to create fraudulent ads that...
Numerous publicly available Proof-of-Concept (PoC) exploits for a critical vulnerability in Jenkins, which allow an unauthenticated attacker to read arbitrary files, have emerged, and cyber criminals are already actively leveraging these flaws in their...
A critical zero-click vulnerability, CVE-2023-7028 (rated CVSS 10.0) has been discovered by researchers in over 5,300 instances of GitLab accessible from the internet. Although the issue has been rectified in the latest versions of...
Researchers at Arctic Wolf have discovered a new malicious downloader, crafted in the Go language and dubbed CherryLoader. This threat, previously observed in the wild, aims to facilitate the delivery of additional malware onto...
The cybersecurity firm Orca Security has identified a vulnerability in Google Kubernetes Engine (GKE) that enables individuals with a Google account to gain control over Kubernetes clusters. This issue has been codenamed Sys:All. It...
In today’s world, where technology has reached an advanced level of development, the issue of global surveillance becomes particularly pressing. According to an investigation by 404 Media, hundreds of thousands of popular applications are...
The Slovak cybersecurity firm ESET has uncovered the operations of a previously unknown hacker group linked to China, christening it with the codename Blackwood. Active since 2018, this group has specialized in adversary-in-the-middle (AitM),...
A recent study by Dutch researcher Tom Meurs from the University of Twente has uncovered factors influencing the likelihood of ransomware victims paying ransoms to cybercriminals. The analysis utilized data from the Dutch police...
At the outset of this week, Microsoft disclosed that its corporate email system had been compromised by the Russian-speaking hacker collective known as Midnight Blizzard (also recognized as Nobelium, APT29, and Cozy Bear), wherein...
The prominent British firm Southern Water, responsible for water supply and sewage treatment across southern England, including Hampshire, the Isle of Wight, West and East Sussex, as well as parts of Kent, was subjected...
Gcore, a company specializing in cybersecurity, recently published its regular report dedicated to trends in DDoS attacks. The report highlights a significant surge in the power of DDoS attacks over the past three years,...
A recent study by Infoblox has unveiled the existence of a vast “criminal affiliate program” involving renowned cybercriminal groups ClearFake, SocGholish, and dozens of others, with VexTrio acting as the primary partner. VexTrio is...
The British government has called upon leaders of major corporations to “strengthen” their defenses against cyberattacks, treating this threat as a critical business risk on par with financial and legal challenges. This appeal followed...
ReversingLabs has identified two malicious modules in the widely-used NPM package registry, which utilize GitHub to store SSH keys encrypted in Base64 that had previously been pilfered from developers’ systems. The modules, named warbeast2000...
Security researchers hacked a Tesla car modem and received a total reward of $722,500 on the first day of the Pwn2Own Automotive 2024 competition, currently taking place in Tokyo. Today, white-hat hackers discovered no...
