DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet…
Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App
Google has disclosed details of a financially motivated threat cluster that it said “specialises” in voice phishing (aka…
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT…
Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era
Traditional data leakage prevention (DLP) tools aren’t keeping pace with the realities of how modern businesses use SaaS…
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from…
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce…
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing…
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone…
Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization
In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been…
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target…