Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro.
The campaign, codenamed gitgub, includes 17 repositories associated …
Author: TheHackerNews
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution.
Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU …
Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data.
According …
Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites.
“The Standard protection mode for Chrome …
Mar 15, 2024NewsroomMalvertising / Threat Intelligence
Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus …
Mar 14, 2024NewsroomRansomware / Cyber Crime
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation.…
Mar 14, 2024NewsroomContainer Security / Vulnerability
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with …
Being a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs …
Mar 14, 2024NewsroomCyber Espionage / Malware
The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands.
“The …
Mar 14, 2024NewsroomCyber Threat / Malware
The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like …
Mar 14, 2024NewsroomMalware / Cyber Attack
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.…
Mar 14, 2024The Hacker NewsVulnerability / Network Security
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected …
Mar 13, 2024The Hacker NewsApp Security / Cyber Security
One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own—this is simply …
Mar 13, 2024The Hacker NewsFinancial Fraud / Mobile Security
The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and …
Mar 13, 2024The Hacker NewsSaaS Security / Webinar
Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector.
The …
Mar 13, 2024NewsroomLarge Language Model / AI Security
Google’s Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, …
Mar 13, 2024NewsroomPhishing Attack / Threat Intelligence
A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based …
Mar 13, 2024NewsroomPatch Tuesday / Software Update
Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V …
Mar 12, 2024The Hacker NewsCryptocurrency / Cybercrime
Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic …
Mar 12, 2024The Hacker NewsCTEM / Vulnerability Management
In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you’d want …
Mar 12, 2024NewsroomWordPress / Website Security
A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code.
According to …
Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that’s propagated via phishing emails bearing PDF attachments.
“This intricate attack involves the PDF downloading a …
Mar 11, 2024The Hacker NewsPrivileged Access Management
As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) …
Mar 11, 2024The Hacker NewsCybersecurity / Browser Security
As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data …
Mar 11, 2024NewsroomRansomware / Vulnerability
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks.
According to a …
Mar 11, 2024NewsroomNetwork Security / Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway …
Mar 11, 2024NewsroomZero-Day / Endpoint Security
A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices …
Mar 09, 2024NewsroomCyber Attack / Threat Intelligence
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to …
Mar 08, 2024NewsroomInteroperability / Encryption
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) …
Mar 08, 2024The Hacker NewsSecrets Management / Access Control
In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon …
Mar 08, 2024NewsroomNetwork Security / Vulnerability
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to …
Mar 07, 2024NewsroomVulnerability / Web Security
Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal.
The attacks, which take the …
Mar 07, 2024NewsroomCyber Espionage / Software Security
The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September …
In today’s rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user …
The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident of allegedly stealing proprietary information from Google while covertly working for two …