Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP…
Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands
The threat actor known as Bitter has been assessed to be a state-backed hacking group that’s tasked with…
Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation
Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large…
Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware
An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi…
DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet…
Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App
Google has disclosed details of a financially motivated threat cluster that it said “specialises” in voice phishing (aka…
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT…
Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era
Traditional data leakage prevention (DLP) tools aren’t keeping pace with the realities of how modern businesses use SaaS…
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from…
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce…