Cybercriminals Target US Citizens with Zoom and SSA Phishing Scams
Cybercriminals are exploiting a clever Zoom phishing scam to distribute ScreenConnect remote access software, potentially enabling them to defraud unsuspecting victims, including Social Security...
Fake Palo Alto Tool Delivers Sophisticated Malware in Middle East Cyberattack
Trend Micro researchers have identified a sophisticated malware campaign specifically targeting organizations in the Middle East. This campaign leverages a meticulously crafted tool masquerading as the...
RansomHub Targets Prasarana Malaysia: 316 GB of Stolen Data Threatened with...
Prasarana Malaysia Berhad, the largest public transportation operator in Malaysia, has confirmed reports of unauthorized access to its internal systems, as previously circulated on social media. The...
Cthulhu Stealer: New Malware Threatens macOS Users
Researchers at Cado Security have discovered a new piece of malware targeting macOS users. This malware, named “Cthulhu Stealer,” is designed to harvest a wide range of data from Apple...
Peach Sandstorm Deploys New Tickler Malware in Persistent Espionage Campaigns
Microsoft Threat Intelligence has identified a sophisticated campaign by the Iranian state-sponsored group known as Peach Sandstorm. Between April and July 2024, the group deployed a custom multi-stage...
New Snake Keylogger Variant Slithers Into Phishing Campaigns
Fortinet’s FortiGuard Labs has unearthed a new variant of the notorious Snake Keylogger, delivered through a malicious Excel document in a phishing campaign. This keylogger, also known as “404...
North Korean Cyberattacks Persist: Developers Targeted via npm
Recent findings by the Phylum Research Team have brought to light a resurgence of malicious activities on the npm registry, with multiple attack vectors originating from groups aligned with North...
Rocinante Banking Malware: Keylogging, Phishing, and Full Device Takeover
ThreatFabric, a prominent cybersecurity firm, has issued a warning about a new strain of banking malware dubbed “Rocinante,” currently targeting customers of Brazilian financial institutions. This...
CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door...
A critical vulnerability has been found in TP-Link RE365 V1_180213 series routers, leaving them susceptible to remote exploitation and potential takeover. Identified as CVE-2024-42815 and carrying a...
Operation DevilTiger: APT-Q-12’s Shadowy Tactics and Zero-Day Exploits Unveiled
The QiAnXin Threat Intelligence Center has disclosed the technical details of a sophisticated cyber espionage campaign dubbed “Operation DevilTiger,” orchestrated by the elusive APT-Q-12 group, also...
PoC Exploit Releases for Unauthenticated XXE Flaw CVE-2024-38653 in Ivanti...
Recently, security researcher D4mianWayne published the technical details and a proof-of-concept (PoC) exploit code for a high-severity vulnerability, CVE-2024-38653, in Ivanti Avalanche. This...
CVE-2024-5274: Chrome Zero-Day Exploited by APT29, PoC Exploit Published
A zero-day vulnerability in Google Chrome (CVE-2024-5274) has been publicly disclosed, along with technical details and a proof-of-concept (PoC) exploit, potentially escalating the risk for users...
Godzilla Backdoor: A Stealthy Threat Targeting Atlassian Confluence Flaw...
A recent discovery by cybersecurity researchers at Trend Micro has unveiled a sophisticated new attack vector targeting Atlassian Confluence servers, leveraging the critical CVE-2023-22527...
Google TAG Uncovers Watering Hole Attacks on Mongolian Government Websites
In a revealing report, Google’s Threat Analysis Group (TAG) has uncovered a series of sophisticated watering hole attacks targeting Mongolian government websites between November 2023 and July 2024....
Deepfake Scams on the Rise: CEOs, News Anchors, and Government Officials...
Cybersecurity researchers at Palo Alto Networks warn of a growing trend of deepfake scam campaigns targeting individuals worldwide. These sophisticated scams leverage AI-generated deepfake videos...
Czech Officials Targeted in Sophisticated Malware Campaign Disguised as NATO...
Seqrite Labs APT-Team has uncovered a sophisticated malware campaign, dubbed “Operation Oxidový,” that targets the Czech government and military officials. The campaign, which began in May 2024,...
Minecraft Server Hit with Record-Breaking 3.15 Billion Packet Rate DDoS Attack
Global Secure Layer (GSL), a prominent cybersecurity firm, recently mitigated the largest packet rate DDoS attack ever recorded on its platform. The assault targeted a Minecraft gaming customer,...
CVE-2024-7971: North Korean APT Citrine Sleet Exploits Chromium Zero-Day
In a recent cybersecurity report, Microsoft Threat Intelligence has revealed that a North Korean threat actor, believed to be Citrine Sleet, has been actively exploiting a zero-day vulnerability...
ManticoraLoader: The New Malware-as-a-Service Threat
Cyble Research & Intelligence Labs (CRIL) has uncovered the release of a new malware-as-a-service (MaaS) tool known as ManticoraLoader. The service, announced by the notorious threat actors behind...
Evasive Phishing Campaign Delivers AsyncRAT and Infostealer
Cybersecurity researchers at eSentire’s Threat Response Unit (TRU) have uncovered a sophisticated phishing campaign distributing the AsyncRAT remote access trojan (RAT) coupled with the Infostealer...