Researchers have identified an actively evolving social engineering campaign aimed at gaining initial access to corporate IT systems for further exploitation. The perpetrators bombard enterprises with spam emails to capture the attention of employees....
The developers of Cacti, an open-source system for network monitoring and management, have addressed 12 vulnerabilities, including two critical ones leading to arbitrary code execution. Here are the most severe vulnerabilities that have been...
A highly alarming situation is emerging in the world of cybersecurity. A hacker known by the pseudonym “Cvsp” has announced on a cybercrime forum the sale of an RCE exploit for a zero-day vulnerability...
Recently, hackers have increasingly employed DNS tunneling to monitor when victims open phishing emails and click on malicious links, as well as to scan networks for vulnerabilities. DNS tunneling involves encoding data or commands...
Since April of this year, millions of phishing emails have been sent through the Phorpiex botnet as part of a large-scale campaign employing LockBit Black ransomware. This warning comes from the New Jersey Cybersecurity...
On May 6, the Cybernews research team discovered an enormous dataset on the internet containing personal information exclusively of Chinese citizens. The volume of data has already exceeded 1.2 billion records and continues to...
Security researchers from Phylum have discovered a malicious package in the popular PyPI repository, masquerading as the well-known library “requests,” but posing a significant threat to the entire developer community. The package, named “requests-darwin-lite,”...
The malicious actor known as IntelBroker claims to have stolen confidential documents from Europol’s Europol Platform for Experts (EPE). Europol has confirmed the breach of the EPE portal, designed for knowledge and methodology exchange...
eSentire has reported a new wave of attacks by the FIN7 hacker group, which has disguised itself as well-known brands to distribute malware. The attacks targeted users who clicked on fake ads in Google,...
According to a joint report by the FBI and CISA, affiliates of the Black Basta group attacked over 500 organizations from April 2022 to May 2024. The group also encrypted and stole data from...
Google has issued an urgent security update for its Chrome browser to address a high-severity “out of bounds write” vulnerability in its V8 JavaScript engine, tracked as CVE-2024-4761. This vulnerability has been confirmed as...
The North Korean hacker group Kimsuky employs sophisticated cyber espionage techniques, including the use of social networks and system management tools, according to a recent report by the South Korean company Genians. Kimsuky actively...
The head of WPP, the world’s largest advertising group, fell victim to a sophisticated fraud involving deepfake technology, including the cloning of voices through artificial intelligence. CEO Mark Read alerted the leadership in an...
Sysdig specialists have uncovered a novel attack scheme where stolen cloud service credentials are utilized to access cloud-based LLM (Large Language Model) services, aiming to resell access to other cybercriminals. This discovered attack, dubbed...
Citrix has issued a warning to its clients regarding the need for manual mitigation of a vulnerability in the SSH client PuTTY, which could allow malicious actors to steal the SSH private key of...
Dell has confirmed a data breach affecting approximately 49 million customers who have purchased its products since 2017. The incident involved Dell’s portal where customer purchase information was stored. The leaked data includes names,...
