North Korean Hackers Weaponize Seoul Intelligence Files to Target South Koreans
Pyongyang-backed hacking group APT37 leveraged an internal South Korean intelligence briefing in a spear phishing campaign
Information Security Magazine
Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware
1 month ago
A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants, according to StepSecurity
State-Sponsored Hackers Behind Majority of Vulnerability Exploits
1 month ago
Recorded Future highlighted the vast capabilities of state actors to rapidly weaponize newly disclosed vulnerabilities for geopolitical purposes
TransUnion Data Breach Impacts 4.5 Million US Customers
1 month ago
The credit rating giant revealed that the breach, which occurred on July 28, was caused by unauthorized access to a third-party application
Fake IT Support Attacks Hit Microsoft Teams
1 month ago
Fake IT support lures are being used to trick employees into installing remote‑access tools via Microsoft Teams
Netherlands Confirms China's Salt Typhoon Targeted Small Dutch Telcos
1 month ago
Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers
Malicious VS Code Extensions Exploit Name Reuse Loophole
1 month ago
Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages
Nevada Confirms Ransomware Attack, State Data Stolen
1 month ago
Nevada’s CIO confirmed in a press conference that ransomware actors had exfiltrated data from state networks, amid an ongoing incident investigation
Chinese Tech Firms Linked to Salt Typhoon Espionage Campaigns
1 month ago
The US, UK and allies have called out China’s “commercial cyber ecosystem” for enabling large-scale Salt Typhoon campaigns
Crypto Companies Freeze $47m in Romance Baiting Funds
1 month ago
Chainalysis, OKX, Binance and Tether have managed to stop nearly $50m reaching romance baiting fraudsters
Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure
1 month ago
Microsoft observed Storm-0501 pivot to the victim’s cloud environment to exfiltrate data rapidly and prevent the victim’s recovery
CISA Strengthens Software Procurement Security With New Tool
1 month 1 week ago
CISA has launched a new Software Acquisition Guide Web Tool to enhance security in software procurement
Researchers Discover First Reported AI-Powered Ransomware
1 month 1 week ago
While still in development, PromptLock is described as the “first known AI-powered ransomware” by ESET researchers
Nevada “Network Security Incident” Shuts Down State Offices and Services
1 month 1 week ago
The Office of the Governor of Nevada revealed that the incident has shut down in-person State services, while government phone lines and websites are offline
ShadowSilk Campaign Targets Central Asian Governments
1 month 1 week ago
A series of cyber-attacks against government organizations in Central Asia and Asia- Pacific has been linked to the ShadowSilk threat cluster
Citrix Patches Three NetScaler Zero Days as One Sees Active Exploitation
1 month 1 week ago
Citrix customers are urged to patch their vulnerable NetScaler appliances, but “patching alone won’t cut it,” experts said
ENISA to Coordinate €36m EU-Wide Incident Response Scheme
1 month 1 week ago
EU security agency ENISA is being handed €36m to operate the EU Cybersecurity Reserve
New Data Theft Campaign Targets Salesforce via Salesloft App
1 month 1 week ago
Google is warning of a new credential theft campaign targeting Salesforce customers via Salesloft Drift
New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over Devices
1 month 1 week ago
Abnormal AI said the campaign, which lures victims into downloading legitimate RMM software, marks a major evolution in phishing tactics
New Android Trojan Variant Expands with Ransomware Tactics
1 month 1 week ago
A new version of the Hook Android banking Trojan features 107 remote commands, including ransomware overlays
Checked
2 hours 44 minutes ago