BSA names Vi ta ly Ni ko lae vich Kovalev is "Stern," the leader of Trickbot. For years, members of the Russian cybercrime cartel Trickbot unleashed a relentless hacking spree
Published: 2025-05-31T13:32:08
Backdoor giving full administrative control can survive reboots and firmware updates. Thousands of home and small office routers manufactured by Asus are being infected with a
Published: 2025-05-28T22:12:07
Victims include hospitality, retail and education sectors A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations into installing a modifi
Published: 2025-06-04T15:05:38
Out-of-band is becoming the norm rather than the exception Microsoft is patching another patch that dumped some PCs into recovery mode with an unhelpful error code.
Published: 2025-06-03T13:33:05
Take care when downloading AI freebies, researcher tells The Register Criminals are using installers for fake AI software to distribute ransomware and other destructive malware.
Published: 2025-05-30T10:25:11
'The operating system couldn't be loaded' is never a great message Microsoft's latest Patch Tuesday update is failing to install on some Windows 11 machines, mostly virtual ones, and dumping them into recovery mode with a boot error. Its only recomme
Published: 2025-05-29T21:46:42
The data analytics firm LexisNexis Risk Solutions says it suffered a breach that could have exposed the names, Social Security numbers, contact information, and driver's license numbers of over 364,000 people, as reported earlier by TechCrunch. In a notice filed with the state of Maine, LexisNexis says an unauthorized third party accessed its data through […] 
The data analytics firm LexisNexis Risk Solutions says it suffered a breach that could have exposed the names, Social Security numbers, contact information, and driver’s license numbers of over 364,000 people, as reported earlier by TechCrunch. In ...
Published: 2025-05-28T12:44:57
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. [...]
Published: 2025-06-08T10:17:27
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). [...]
Published: 2025-06-07T15:31:21
Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories. [...]
Published: 2025-06-07T10:11:21
U.S. tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company. [...]
Published: 2025-06-06T13:14:17
Healthcare giant Kettering Health, which manages 14 medical centers in Ohio, confirmed that the Interlock ransomware group breached its network and stole data in a May cyberattack. [...]
Published: 2025-06-06T11:26:10
A new data wiper malware named 'PathWiper' is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. [...]
Published: 2025-06-06T10:40:31
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. [...]
Published: 2025-06-06T09:53:40
The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. [...]
Published: 2025-06-05T17:35:43
Introduction Google Threat Intelligence Group (GTIG) is tracking UNC6040, a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns specifically designed to compromise organizations' Salesforce instances for large
Published: 2025-06-04T14:00:00
Written by: Patrick Whitsell Google Threat Intelligence Group’s (GTIG) mission is to protect Google’s billions of users and Google’s multitude of products and services. In late October 2024, GTIG discovered an exploited government website hosting m
Published: 2025-05-28T14:00:00
Written by: Diana Ion, Rommel Joven, Yash Gupta Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, in particular those tools which can be used to generate videos bas
Published: 2025-05-27T05:00:00
Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime g... 
Published: 2025-05-28T17:41:47
Security, not model performance, is what's stalling adoption Interview Before AI becomes commonplace in enterprises, corporate leaders have to commit to an ongoing security testing regime tuned to the nuances of AI models.
Published: 2025-06-08T13:00:12
OpenAI boots accounts linked to 10 malicious campaigns Fake IT workers possibly linked to North Korea, Beijing-backed cyber operatives, and Russian malware slingers are among the baddies using ChatGPT for evil, according to OpenAI's latest threat report.
Published: 2025-06-06T19:56:37
Destructive malware has been a hallmark of Putin's multi-modal war A new strain of wiper malware targeting Ukrainian infrastructure is being linked to pro-Russian hackers, in the latest sign of Moscow's evolving cyber tactics.
Published: 2025-06-06T16:01:13
The cash has been frozen for more than two years The US is looking to finally capture the $7.74 million it froze over two years ago after indicting alleged money launderers it claims are behind North Korean IT worker schemes.
Published: 2025-06-06T13:14:53
Don't negotiate unless you must, and if so, drag it out as long as you can Feature So, the worst has happened. Computer screens all over your org are flashing up a warning that you've been infected by ransomware, or you've got a message that someone's been stealing information from your server.
Published: 2025-06-06T11:30:08
Any info on Maxim Rudometov and his associates? There's $$$ in it for you The US government is offering up to $10 million for information on foreign government-backed threat actors linked to the RedLine malware, including its suspected developer, Maxim Alexandrovich Rudometov.
Published: 2025-06-05T23:04:24
Re-selling info from an earlier breach? Probably. But which one? AT&T is investigating claims that millions of its customers' data are listed for sale on a cybercrime forum in what appears to be a re-release from an earlier hack.
Published: 2025-06-05T22:05:31
Trump-pardoned hacker Chris Wade will join the company as CTO Cellebrite has announced a $170 million deal to buy Corellium, bringing together two companies that have made names for themselves by helping law enforcement break into encrypted devices.
Published: 2025-06-05T20:10:14
Plus: Plankey's confirmation process 'temporarily delayed' Sean Cairncross, President Donald Trump's nominee to serve as national cyber director, doubled down on taking offensive cyber actions against foreign adversaries during a Senate homeland security committee nomination hearing on Thursday, and refused to condemn the president's proposed cuts to the main US cyber defense agency.
Published: 2025-06-05T19:40:48
Dark web crime platform raked in $17M+ over three years of operation Uncle Sam has seized 145 domains tied to BidenCash, the notorious dark web market that trafficked in more than 15 million stolen credit cards.
Published: 2025-06-05T17:06:27
Someone went to great lengths to prey on the next generation of cybercrooks Sophos thinks a single person or group called "ischhfd83" is behind more than a hundred backdoored malware variants targeting novice cybercriminals and video game cheaters looking to get their hands on malicious code.
Published: 2025-06-05T14:33:06
It's definitely not a cyberattack though! Really! The UK's tax collections agency says cyberbaddies defrauded it of 47 million ($63 million) late last year, but insists the criminal case was not a cyberattack.
Published: 2025-06-05T10:34:42
Researchers have come up with a fix for a path traversal bug first spotted in 2010 A security bug that surfaced fifteen years ago in a public post on GitHub has survived developers' attempts on its life.
Published: 2025-06-05T06:29:12
The authors who claimed America hacked itself to discredit Beijing are back with another report China's National Computer Virus Emergency Response Center on Thursday published a report in which it claims Taiwan targeted it with a years-long cyber offensive, backed by the USA, but which was so feeble Beijing complains compared it to an ant trying to shake a tree .
Published: 2025-06-05T04:49:02
To make matters worse, IBM's security software has a critical vuln caused by an exposed password IBM isn't having its best week after the company experienced another cloudy outage and a critical-rated vulnerability.
Published: 2025-06-05T02:32:09
Recompiled binaries and phone threats used to boost the pressure Groups linked with the Play ransomware have exploited more than 900 organizations, the FBI said Wednesday, and have developed a number of new techniques in their double-extortion campaigns - including exploiting a security flaw in remote-access tool SimpleHelp if orgs haven't patched it.
Published: 2025-06-04T23:40:05
Drones are not enough Following a daring drone attack on Russian airfields, Ukrainian military intelligence has reportedly also hacked the servers of Tupolev, the Kremlin's strategic bomber maker.
Published: 2025-06-04T20:53:58
Literally adding insult to injury Kettering Health patients who had chemotherapy sessions and pre-surgery appointments canceled due to a ransomware attack in May now have to deal with the painful prospect that their personal info may have been leaked online.
Published: 2025-06-04T19:42:09
Victims include hospitality, retail and education sectors A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations into installing a modified version of Salesforce's Data Loader that allows the crims to steal sensitive data.
Published: 2025-06-04T15:05:38
Did somebody say ransomware? Not the newspaper group, not even to deny it Regional newspaper publisher Lee Enterprises says data belonging to around 40,000 people was stolen during an attack on its network earlier this year.
Published: 2025-06-04T13:35:14
Government details latest initiative following announcement last week Revealing more details about the Cyber and Electromagnetic (CyberEM) military domain, the UK's Ministry of Defence (MoD) says "there are pockets of excellence" but improvements must be made to ensure the country's capability meets the needs of national defense.
Published: 2025-06-04T09:21:14
Why? There's a war in Europe, Finland has a belligerent neighbor, and cyber is a settled field Interview Mikko Hypp nen has spent the last 34 years creating security software that defends against criminals and state-backed actors, but now he's moving onto drone warfare.
Published: 2025-06-04T07:30:08
CEO of India's KiranaPro, which brings convenience stores online, vows to name the perp The CEO of Indian grocery ordering app KiranaPro has claimed an attacker deleted its GitHub and AWS resources in a targeted and deliberate attack and vowed to name the perpetrator.
Published: 2025-06-04T03:58:11
Zuckercorp and Yandex used localhost loophole to tie browser data to app users, say boffins Security researchers say Meta and Yandex used native Android apps to listen on localhost ports, allowing them to link web browsing data to user identities and bypass typical privacy protections.
Published: 2025-06-03T23:18:04
Microsoft, CrowdStrike, and pals promise clarity on cybercrew naming, deliver alias salad instead Opinion Microsoft and CrowdStrike made a lot of noise on Monday about teaming up with other threat-intel outfits to "bring clarity to threat-actor naming."
Published: 2025-06-03T22:21:05
TAG team spotted the V8 bug first, so you can bet nation-states weren't far behind Google revealed Monday that it had quietly deployed a configuration change last week to block active exploitation of a Chrome zero-day.
Published: 2025-06-03T19:23:09
Musk's 'Bitcoin-style encryption' claim has experts scratching their heads Elon Musk's X social media platform is rolling out a new version of its direct messaging feature that the platform owner said had a "whole new architecture," but as with many a Muskian proclamation, there's reason to doubt what's been said.
Published: 2025-06-03T18:02:08
Outdoorsy brand blames credential stuffing Joining the long queue of retailers dealing with cyber mishaps is outdoorsy fashion brand The North Face, which says crooks broke into some customer accounts using login creds pinched from breaches elsewhere.
Published: 2025-06-03T17:39:24
Out-of-band is becoming the norm rather than the exception Microsoft is patching another patch that dumped some PCs into recovery mode with an unhelpful error code.
Published: 2025-06-03T13:33:05
To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings Up to a quarter of all cloud users are at risk of having their computing resources stolen and used to illicitly mine for cryptocurrency, after crims cooked up a campaign that targets publicly accessible DevOps tools.
Published: 2025-06-03T11:23:15
Nothing terribly valuable taken in data heist, though privacy a little tarnished Global jewelry giant Cartier is writing to customers to confirm their data was exposed to cybercriminals that broke into its systems.
Published: 2025-06-03T09:52:21
A real-world Trojan Horse attack Ukraine claims it launched a cunning drone strike on Sunday against multiple Russian airbases, hitting over 40 military aircraft and inflicting an estimated $7 billion in damage, in an operation dubbed "Spiderweb."
Published: 2025-06-02T20:04:19
Disclosure at MainStreet Bancshares comes as American finance orgs beg for looser reporting requirements Community bank MainStreet Bancshares says thieves stole data belonging to some of its customers during an attack on a third-party provider.
Published: 2025-06-02T12:27:13
PLUS: Ransomware gang using tech support scam; Czechia accuses China of infrastructure attack; And more! Infosec In Brief Despite last week's FBI announcement that it helped to take down the crew behind the Lumma infostealer, the malware continues to operate.
Published: 2025-06-02T01:16:14
'It's a high-stakes intelligence war,' analyst explains exclusive A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names.
Published: 2025-05-31T10:23:08
Pen tester on ScreenConnect bug: This one terrifies me ConnectWise has brought in the big guns to investigate a "sophisticated nation state actor" that broke into its IT environment and then breached some of its customers.
Published: 2025-05-30T19:01:49
28-year-old alleged to have made multiple drops to folks who turned out to be undercover FBI agents A Defense Intelligence Agency (DIA) IT specialist is scheduled to appear in court today after being caught by the FBI trying to surreptitiously drop top secret information to a foreign government in a public park.
Published: 2025-05-30T18:29:11
Cash splashed on damages, infrastructure improvements, and fraud monitoring A Seattle cancer facility has agreed to fork out around $52.5 million as part of a class action settlement linked to a Thanksgiving 2023 cyberattack where criminals directly threatened cancer patients with swat attacks.
Published: 2025-05-30T17:35:07
Giving people the power to build community and bring the world closer together so we can shoot them Meta has partnered with Anduril Industries to build augmented and virtual reality devices for the military, eight years after it fired the defense firm's founder, Palmer Luckey.
Published: 2025-05-30T16:32:11
Take care when downloading AI freebies, researcher tells The Register Criminals are using installers for fake AI software to distribute ransomware and other destructive malware.
Published: 2025-05-30T10:25:11
Greater Manchester Police reprimanded over hours of video that went AWOL The UK's data watchdog has reprimanded Greater Manchester Police (GMP) force for losing CCTV footage the cop shop was later requested to retain.
Published: 2025-05-30T09:29:14
War in Ukraine causes major rethink in policy and spending The UK is spending more than 1 billion ($1.35 billion) setting up a new Cyber and Electromagnetic Command and is recruiting a few good men and women to join up and staff it.
Published: 2025-05-30T08:31:10
Infosecurity Europe celebrates its 30th anniversary by doubling down on its mission: Building a Safer Cyber World. Returning to ExCeL London from 3-5 June, the landmark edition of Europe's most influential cybersecurity event is set to be its most ambitious yet. With global cyberthreats mounting in scale and sophistication, the 2025 show will deliver strategic insight, practical training, and powerful connections across three days of expert content and community collaboration.
Published: 2025-05-30T08:00:16
Probably not a cyber-incident, but definitely not a good look Security services vendor SentinelOne experienced a major outage on Thursday.
Published: 2025-05-30T00:33:15
Philippines company allegedly run by Chinese national has form running scams The US Treasury has sanctioned a Philippine company and its administrator after linking them to the infrastructure behind the majority of so-called "pig butchering" scams reported to the FBI.
Published: 2025-05-30T00:15:13
'The operating system couldn't be loaded' is never a great message Microsoft's latest Patch Tuesday update is failing to install on some Windows 11 machines, mostly virtual ones, and dumping them into recovery mode with a boot error. Its only recommendation to avoid the problem for now is to dodge the update.
Published: 2025-05-29T21:46:42
House Homeland Security Committee takes a field trip to Silicon Valley Chinese government spies burrowed deep into American telecommunications systems and critical infrastructure networks for one reason, according to retired US Army Lt. Gen. H.R. McMaster.
Published: 2025-05-29T19:51:33
No formal attribution made but two separate probes hint at the same suspect Thousands of Asus routers are currently ensnared by a new botnet that is trying to disable Trend Micro security features before exploiting vulnerabilities for backdoor access.
Published: 2025-05-29T16:23:09
Law enforcement crackdowns are gathering pace but online marketplaces still teeming with valuable tokens A VPN vendor says billions of stolen cookies currently on sale either on dark web or Telegram-based marketplaces remain active and exploitable.
Published: 2025-05-29T12:23:14
Sick of paying the US tech tax and relinquishing talent to other continents, politicians finally wake up The European Commission (EC) has kicked off a scheme to make Europe a better place to nurture global technology businesses, providing support throughout their lifecycle, from startup through to maturity.
Published: 2025-05-29T09:26:11
Plus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more.
Published: 2025-06-07T10:30:00
In an effort to evade detection, cybercriminals are increasingly turning to “residential proxy” services that cover their tracks by making it look like everyday online activity.
Published: 2025-06-06T19:05:57
Crypto-tracing firm Chainalysis says the mysterious 300-bitcoin donation to the pardoned Silk Road creator appears to have come from someone associated with a different defunct black market: AlphaBay.
Published: 2025-06-05T18:50:16
On Christmas Day in 2014 hackers knocked out the Xbox and PlayStation gaming networks, impacting how video game companies handled cybersecurity for years.
Published: 2025-06-05T10:00:00
A requirement that ICE agents ensure courthouse arrests don’t clash with state and local laws has been rescinded by the agency. ICE declined to explain what that means for future enforcement.
Published: 2025-06-04T22:24:17
President Donald Trump has proposed building a massive antimissile system in space that could enrich Elon Musk if it materializes. But experts say the project’s feasibility remains unclear.
Published: 2025-06-04T10:30:00
Seems bad out there. Unfortunately, it can always get worse. From evil hacker AI to world-changing cyberattacks, WIRED envisions the future you haven't prepared for.
Published: 2025-06-04T10:00:00
Everyone knows what it’s like to lose cell service. A burgeoning open source project called Meshtastic is filling the gap for when you’re in the middle of nowhere or when disaster strikes.
Published: 2025-06-04T10:00:00
The easy access that scammers have to sophisticated AI tools means everything from emails to video calls can’t be trusted.
Published: 2025-06-04T10:00:00
A quantum computer will likely one day be able to break the encryption protecting the world's secrets. See how much faster such a machine could decrypt a password compared to a present-day supercomputer.
Published: 2025-06-04T10:00:00
A major cyberattack on the US electrical grid has long worried security experts. Such an attack wouldn’t be easy. But if an adversary pulled it off, it’d be lights out in more ways than one.
Published: 2025-06-04T10:00:00
GPS jamming and spoofing attacks are on the rise. If the global navigation system the US relies on were to go down entirely, it would send the world into unprecedented chaos.
Published: 2025-06-04T10:00:00
In the very near future, victory will belong to the savvy blackhat hacker who uses AI to generate code at scale.
Published: 2025-06-04T10:00:00
For years, a powerful farm industry group served up information on activists to the FBI. Records reveal a decade-long effort to see the animal rights movement labeled a “bioterrorism” threat.
Published: 2025-06-03T16:21:20
Plus: An Iranian man pleads guilty to a Baltimore ransomware attack, Russia’s nuclear blueprints get leaked, a Texas sheriff uses license plate readers to track a woman who got an abortion, and more.
Published: 2025-05-30T18:42:45
The elusive boss of the Trickbot and Conti cybercriminal groups has been known only as “Stern.” Now, German law enforcement has published his alleged identity and it’s a familiar face.
Published: 2025-05-30T13:22:09
A member of a California-based fight club seems to have attended an event hosted by groups with ties to an organization the US government labeled a terrorist group. Will the Trump administration care?
Published: 2025-05-29T18:14:03
Customs and Border Protection has swabbed the DNA of migrant children as young as 4, whose genetic data is uploaded to an FBI-run database that can track them if they commit crimes in the future.
Published: 2025-05-29T10:30:00
Thanks to drastic policy changes in the US and Big Tech’s embrace of the second Trump administration, many people are moving their digital lives abroad. Here are a few options to get you started.
Published: 2025-05-27T10:30:00
Hackers. AI data scrapes. Government surveillance. Thinking about where to start when it comes to protecting your online privacy can be overwhelming. Here’s a simple guide for you and anyone who claims they have nothing to hide.
Published: 2025-05-26T10:30:00
Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1
Published: 2025-06-08T19:17:00
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher
Published: 2025-06-08T13:31:00
Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. "macOS users are served a
Published: 2025-06-06T21:55:00
When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it file sharing, cloud storage and collaboration platforms AI landed in
Published: 2025-06-06T19:11:00
India's Central Bureau of Investigation (CBI) has revealed that it has arrested six individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of
Published: 2025-06-06T18:42:00
Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attacker’s mindset. This is where AEV comes in. AEV (Adversarial Exposure Validation) is an advanced
Published: 2025-06-06T16:00:00
A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. "The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across
Published: 2025-06-06T14:05:00
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response
Published: 2025-06-05T21:23:00
The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the Indian government. That's according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. "Their diverse toolset shows consistent coding patterns across malware families, particularly in
Published: 2025-06-05T19:23:00
Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts but executives want to understand risk in terms of financial exposure, operational impact, and avoiding loss. The
Published: 2025-06-05T16:55:00
An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It's said to be active since September 2017, when it targeted
Published: 2025-06-05T16:29:00
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated with an illicit carding marketplace called BidenCash. "The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information," the DoJ said. "BidenCash
Published: 2025-06-05T15:46:00
Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability. "A
Published: 2025-06-05T11:07:00
Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing (aka vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align with
Published: 2025-06-04T20:54:00
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments. "Chaos RAT is an open-source RAT written in
Published: 2025-06-04T18:25:00
Traditional data leakage prevention (DLP) tools aren't keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks
Published: 2025-06-04T17:43:00
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx,
Published: 2025-06-04T15:41:00
Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. "These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass,
Published: 2025-06-04T10:53:00
Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified "malicious multi-stage downloader Powershell scripts" hosted on lure websites that masquerade as Gitcode and Docusign. "
Published: 2025-06-03T20:30:00
Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case of post-authenticated remote code execution via
Published: 2025-06-03T18:31:00
In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused currently looking like hundreds of millions in lost profits for M&S alone. This coverage is extremely valuable for the cybersecurity community as it raises
Published: 2025-06-03T16:30:00
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list. "Recent
Published: 2025-06-03T15:04:00
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. The update will affect all Transport Layer Security (TLS)
Published: 2025-06-03T13:18:00
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at Microsoft
Published: 2025-06-03T12:50:00
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419 (CVSS score: 8.8), and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. "Out-of-bounds read and
Published: 2025-06-03T09:52:00
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and
Published: 2025-06-02T21:33:00
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Kr ger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows - CVE-2024-13915 (CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone and
Published: 2025-06-02T20:42:00
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below - CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the Graphics
Published: 2025-06-02T19:52:00
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how attacks happen now quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore they’re struggling to trust what their systems are telling them. The problem isn’t too
Published: 2025-06-02T16:53:00
The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it can
Published: 2025-06-02T16:25:00
Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. "In what appears to be a multi-stage phishing operation, the attackers
Published: 2025-06-02T11:21:00
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like
Published: 2025-05-31T15:49:00
A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software. To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server facilitated the crypting service on May 27, 2025, in
Published: 2025-05-31T12:46:00
A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as
Published: 2025-05-30T19:44:00
The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend
Published: 2025-05-30T16:42:00
Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has
Published: 2025-05-30T16:00:00
The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in
Published: 2025-05-30T13:21:00
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very small number of ScreenConnect
Published: 2025-05-30T11:41:00
Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its quarterly Adversarial Threat Report. This included a network of 658 accounts on Facebook, 14 Pages, and
Published: 2025-05-30T09:39:00
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan
Published: 2025-05-29T21:17:00
Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable. While the DOS header makes the executable file backward compatible
Published: 2025-05-29T18:46:00
The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that were
Published: 2025-05-29T16:04:00
Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2). The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities. "Misuse of cloud
Published: 2025-05-29T11:29:00
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social
Published: 2025-05-29T11:04:00
An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand Bitcoin ransom payments.
Published: 2025-05-28T22:50:00
The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China (PRC) of targeting its Ministry of Foreign Affairs. In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently not
Published: 2025-05-28T21:31:00
Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool. "This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,
Published: 2025-05-28T19:11:00
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. "Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server
Published: 2025-05-28T18:00:00
Stealer malware no longer just steals passwords. In 2025, it steals live sessions and attackers are moving faster and more efficiently than ever. While many associate account takeovers with personal services, the real threat is unfolding in the enterprise. Flare’s latest research, The Account and Session Takeover Economy, analyzed over 20 million stealer logs and tracked attacker activity across
Published: 2025-05-28T16:55:00
A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in
Published: 2025-05-28T16:30:00
A supply chain attack hit NPM, threat actors compromised 16 popular Gluestack packages, affecting 950K+ weekly downloads. Researchers from Aikido Security discovered a new supply chain attack targeted NPM, compromising 16 popular Gluestack ‘react-native-aria’ packages with over 950K weekly downloads. The attack began on June 6 at 4:33 PM EST with a malicious update to […]
Published: 2025-06-08T13:35:00
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One Attacker exploits misconfigured AI tool to run AI-generated payload Crocodilus Mobile Malware: Evolving Fast, Going Global How Threat Actors Exploit Human Trust: A Breakdown of the […]
Published: 2025-06-08T11:35:30
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts found 4 billion user records online, the largest known leak of Chinese personal data from […]
Published: 2025-06-08T11:20:49
Over 4 billion user records were found exposed online in a massive breach, possibly linked to the surveillance of Chinese citizens. Cybersecurity researcher Bob Dyachenko and the Cybernews team discovered a massive data leak in China that exposed billions of documents, including financial, WeChat, and Alipay data, likely affecting hundreds of millions. Researchers speculate data […]
Published: 2025-06-07T17:22:19
Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762, and CVE-2024-55591. “Phantom Mantis recently launched a coordinated intrusion campaign targeting multiple organizations between […]
Published: 2025-06-06T22:09:16
A Russia-linked threat actor targeted a critical infrastructure organization in Ukraine with a new destructive malware dubbed PathWiper. Russia-linked threat actor targeted Ukraine’s critical infrastructure with a new wiper named PathWiper. Cisco Talos researchers reported that attackers utilized a legitimate endpoint administration tool, indicating they had access to the administrative console, then used it to […]
Published: 2025-06-06T18:30:42
The U.S. offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. infrastructure. The U.S. Department of State offers a reward of up to $10 million for information nation-state actors linked to the RedLine infostealer and its alleged author, Russian national Maxim […]
Published: 2025-06-06T11:12:23
A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) states that Play ransomware has hit […]
Published: 2025-06-06T07:22:22
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Google Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2025-5419, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Google released out-of-band updates to address three vulnerabilities […]
Published: 2025-06-05T21:03:56
Acronis researchers reported that new Chaos RAT variants were employed in 2025 attacks against Linux and Windows systems. Acronis TRU researchers discovered new Chaos RAT variants targeting Linux and Windows in recent attacks. Originally seen in 2022, Chaos RAT evolved in 2024, with fresh samples emerging in 2025. TRU also discovered a critical flaw in […]
Published: 2025-06-05T20:29:16