Information Security News Blog
In December 2023, media organizations and prominent North Korean affairs experts became the targets of a new malicious campaign orchestrated by the hacker group ScarCruft. Researchers at SentinelOne reported that the group is experimenting...
According to a blog post penned by Google’s Vice President Parisa Tabriz, as reported by Wccftech, the Chrome browser is set to undergo enhancements based on artificial intelligence capabilities. The forthcoming version aims to...
Trezor, a developer of hardware wallets for cryptocurrency, has reported a data breach. The attack occurred on January 17, 2024, when malefactors gained unauthorized access to a third-party technical support portal. While the investigation...
Cybersecurity researchers from Jamf Threat Labs have analyzed over 10,000 scripts utilized by the Parrot Traffic Direction System (TDS) and unearthed significant advancements in the optimization of these scripts. These enhancements render the malicious...
Before the U.S. Securities and Exchange Commission’s (SEC) official announcement of the approval of a Bitcoin ETF, hackers hijacked the SEC’s official X/Twitter account and disseminated information regarding the ETF’s approval. Subsequently, the price...
Trellix, a cybersecurity firm, has unveiled a new sophisticated Java-based tool for information theft, employing a Discord bot to pilfer confidential data from compromised hosts. Named NS-STEALER, the malware disseminates via ZIP archives, masquerading...
Varonis, a cybersecurity firm, has unearthed a new vulnerability in Microsoft products, alongside several attack methodologies that allow malefactors to acquire users’ password hashes. Identified as CVE-2023-35636, this critical vulnerability affects the shared calendar...
According to researchers from Jamf Threat Labs, pirated applications for the macOS operating system distributed on Chinese websites are embedded with malicious software that grants attackers remote access to infected computers. Among these applications...
The Cybersecurity and Infrastructure Security Agency (CISA) of the United States has urgently issued a directive, urging Federal Civilian Executive Branch (FCEB) agencies to mitigate the effects of two actively exploited zero-day vulnerabilities in...
GitHub, a platform for programmers, is a popular and favorite tool for hackers, used to store and distribute malware. According to a recent report by Recorded Future, a cybersecurity company based in the United...
Trustwave has issued a warning regarding the notable surge in the exploitation of a patched vulnerability within Apache ActiveMQ, aimed at deploying the Godzilla web shell onto compromised hosts. The web shells, concealed in...
The cybercriminal group TA866, renowned for its phishing endeavors, has resumed its malevolent operations after a nine-month hiatus, according to cybersecurity firm Proofpoint. Recently, the hackers have launched a widespread campaign targeting users in...