Malicious npm Packages Exploit Ethereum Smart Contracts
A malicious campaign using Ethereum smart contracts has been observed targeting developers via npm and GitHub
Information Security Magazine
Russian APT28 Expands Arsenal with 'NotDoor' Outlook Backdoor
3 weeks 5 days ago
The backdoor is a sophisticated VBA-based malware targeting Microsoft Outlook
Major IPTV Piracy Network Uncovered Spanning 1100 Domains
3 weeks 5 days ago
A massive IPTV privacy network has been uncovered distributing unlicensed content from major brands including Apple TV, Disney+, HBO, Netflix and more
Cloudflare and Palo Alto Networks Victimized in Salesloft Drift Breach
3 weeks 5 days ago
Cloudflare has notified customers that hackers may have accessed their data as part of the Salesloft Drift campaign
Tycoon Phishing Kit Utilizes New Capabilities to Hide Malicious Links
3 weeks 5 days ago
Barracuda observed new methods to disguise phishing links in Tycoon phishing attacks, which are designed to bypass automated email security systems
Brazilian Fintech Giant Sinqia Reveals $130m Heist Attempt
3 weeks 5 days ago
Evertec subsidiary Sinqia has posted details of an attempt to steal $130m from two B2B partners
ICE Reinstates Contract with Spyware Vendor Paragon
3 weeks 6 days ago
The US Immigration agency has resumed a $2m contract with the Graphite spyware developer, now owned by US investor AE Industrial Partners
Malicious npm Package Masquerades as Popular Email Library
3 weeks 6 days ago
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets
Azure AD Credentials Exposed in Public App Settings File
3 weeks 6 days ago
Experts have revealed an Azure AD vulnerability exposing ClientId and ClientSecret in a publicly accessible appsettings.json file
Jaguar Cyber Incident "Severely Disrupts" Sales and Operations
3 weeks 6 days ago
Jaguar has proactively shut down systems to mitigate the impact of the incident, amid reports that workers at a UK manufacturing plant had been told to stay at home
UK NCSC Supports Public Disclosure for AI Safeguard Bypass Threats
3 weeks 6 days ago
The UK National Cyber Security Centre thinks public disclosure programs could help mitigate AI safety threats
Zscaler Customer Info Taken in Salesloft Breach
3 weeks 6 days ago
Zscaler has emerged as the latest corporate victim of a supply chain attack targeting Salesforce data
Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor
4 weeks ago
Silver Fox APT abuses Microsoft-signed drivers to kill antivirus and deploy ValleyRAT remote-access backdoor
High-Risk SQLi Flaw Exposes WordPress Memberships Plugin Users
4 weeks ago
A vulnerability in the WordPress Paid Memberships Subscription plugin could lead to unauthenticated SQL injection on affected sites
Ransomware Attack on Pennsylvania’s AG Office Disrupts Court Cases
4 weeks ago
Pennsylvania’s Attorney General confirmed the OAG had refused to pay a ransom demand to the attackers after files were encrypted
Amazon Stops Russian APT29 Watering Hole Attack Exploiting Microsoft Auth
4 weeks ago
The campaign shows APT29’s intentions to “cast a wider net in their intelligence collection efforts,” said Amazon
Salesloft Attacks Target Google Workspace
4 weeks ago
Adversaries targeting the Salesloft Drift application integration with Salesforce have also compromised Google Workspace accounts
WhatsApp Patches Zero-Day, Zero-Click Flaw
4 weeks ago
WhatsApp has fixed a zero-day vulnerability linked to a sophisticated cyber-attack
North Korean Hackers Weaponize Seoul Intelligence Files to Target South Koreans
1 month ago
Pyongyang-backed hacking group APT37 leveraged an internal South Korean intelligence briefing in a spear phishing campaign
Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware
1 month ago
A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants, according to StepSecurity
Checked
4 hours 2 minutes ago