XorBot Botnet Resurfaces with Advanced Evasion and Exploits, Threatens IoT...
NSFOCUS has identified a resurgence of the XorBot botnet, a potent threat to Internet of Things (IoT) devices worldwide. First observed in late 2023, XorBot has evolved significantly, introducing...
Jenkins Users Beware: Multiple Security Vulnerabilities Discovered
Jenkins, the widely-used open-source automation server, has issued a security advisory addressing multiple vulnerabilities impacting both its core system and associated plugins. These flaws, ranging...
Cybercrime as an Industry: A Deep Dive into the Organizational Structure of...
In a recent study from the University of Oxford, sociologist Qiaoyu Luo explores the industrialisation of cybercrime in China, revealing a highly organised and profit-driven ecosystem. The report sheds...
HPE Insight Remote Support Hit with Critical Vulnerabilities, Urgent Patch...
HPE has issued an urgent security bulletin addressing multiple critical vulnerabilities discovered in its Insight Remote Support service. These flaws could allow attackers to gain unauthorized access...
ANEL Backdoor Reactivated in Earth Kasha Cyber-Espionage Campaign
In June 2024, Trend Micro identified a new spear-phishing campaign targeting political organizations, research institutions, and think tanks in Japan. This operation, attributed to the cyber-espionage...
Elpaco Ransomware: A New Threat Actor Leverages CVE-2020-1472 for Global Attacks
Kaspersky Labs has unveiled a sophisticated new ransomware variant named Elpaco, which has emerged as an evolution of the Mimic ransomware family. This advanced malware exhibits a plethora of...
35 Million Devices Vulnerable: Matrix DDoS Campaign Highlights Growing IoT...
Aqua Nautilus researchers have uncovered a major Distributed Denial-of-Service (DDoS) campaign led by a threat actor operating under the name Matrix. This operation, detected through honeypot...
CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix
Zabbix, a popular open-source IT infrastructure monitoring tool used by organizations worldwide, has been found to contain a critical SQL injection vulnerability (CVE-2024-42327) with a CVSS score of...
PixPirate Resurfaces: Spreading via WhatsApp and Expanding Beyond Brazil
A new iteration of the PixPirate malware has been detected by IBM Trusteer researchers, marking the resurgence of a highly sophisticated threat originally observed in 2021. The malware, known for...
Black Friday Fake Stores Surge 110%: How LLMs and Cheap Domains Empower...
The 2024 holiday shopping season is witnessing an alarming rise in fraudulent e-commerce activity. According to Netcraft, fake online stores have surged by 110% between August and October, capitalizing...
Massive Illegal Streaming Network Dismantled in Europe-Wide Operation
In a major crackdown on illegal streaming, law enforcement agencies across Europe, with support from Europol and Eurojust, have successfully dismantled a vast network responsible for illicitly...
CVE-2024-42330 (CVSS 9.1): Zabbix Patches Critical Remote Code Execution...
Popular open-source monitoring tool Zabbix has released urgent security updates to address a critical vulnerability that could allow attackers to execute arbitrary code on vulnerable systems. The...
TikTok Takes Aim at Appearance-Altering Filters and Underage Users in Latest...
In a move driven by both legal pressures and growing concerns about the impact of social media on young people, TikTok has announced new measures to restrict the use of...
Credit Card Skimmer Malware Uncovered: Targeting Magento Checkout Pages
Magento, a leading eCommerce platform, has once again become the target of sophisticated cybercriminal tactics. Security Analyst Puja Srivastava, from Sucuri, recently reported on a malicious...
Contiki-NG IoT OS Patches Critical Vulnerabilities
Researchers have identified and addressed three critical vulnerabilities in Contiki-NG, a popular open-source operating system for Internet of Things (IoT) devices. These vulnerabilities could allow...
Beyond FUD Links: Rockstar PaaS Kit Exploits Trusted Platforms for Phishing
The Rockstar Phishing-as-a-Service (PaaS) kit has caught the attention of cybersecurity experts for its advanced and devious tactics to bypass email defenses. In a report from Trustwave SpiderLabs,...
Godot Engine Compromised: Malware Distributed via GodLoader
Check Point Research has identified the misuse of the Godot game engine—a popular, open-source tool for game development—as a platform for distributing malware. Dubbed GodLoader, this novel technique...
Integer Overflow Vulnerability in Windows Driver Enables Privilege...
An independent researcher has uncovered a critical vulnerability in the ksthunk.sys driver, a component of the Windows operating system responsible for facilitating 32-bit to 64-bit process...
Malicious npm Packages Threaten Crypto Developers: Keylogging and Wallet...
Researchers at Socket have uncovered a malicious campaign targeting crypto developers. The attacker, operating under the pseudonym “topnotchdeveloper12”, has published three malicious npm...
Evasive Malware Campaign Leverages CleverSoar Installer & Nidhogg Rootkit
Rapid7 Labs has uncovered a sophisticated malware campaign employing the newly identified CleverSoar installer, a highly evasive threat targeting Chinese and Vietnamese-speaking users. With advanced...