-
"New Attack Technique Exploits Microsoft Management Console Files"
Threat actors are using a new attack method involving specially crafted Management Saved Console (MSC) files to gain full code execution through Microsoft Management Console (MMC) and dodge security defenses.
-
"Polyfill.io JavaScript Supply Chain Attack Impacts Over 100K Sites"
A polyfill.io supply chain attack has affected over 100,000 websites after a Chinese company bought the domain and the script was modified to redirect users to malicious websites.
-
"Why Are Threat Actors Faking Data Breaches?"
Etay Maor, Chief Security Strategist at Cato Networks, provides his insights into threat actors faking data breaches. Most likely, hackers sell fake data to make more money, according to Maor.
-
"Recent Zyxel NAS Vulnerability Exploited by Botnet"
The Shadowserver Foundation warns that botnet attacks are exploiting a recently disclosed critical-severity vulnerability in discontinued Zyxel NAS devices. The code injection flaw can be exploited remotely without authentication.
-
"New Medusa Trojan Variant Emerges with Enhanced Stealth Features"
New fraud campaigns have used the "Medusa" banking Trojan, also known as "TangleBot." Cleafy researchers recently reported that this sophisticated malware family, first discovered in 2020, has returned with significant changes.
-
"Cloud Breaches Impact Nearly Half of Organizations"
The "Thales 2024 Cloud Security Study" found that 44 percent of organizations have had a cloud data breach, with 14 percent having experienced one in the past 12 months.
-
"Google's Naptime Framework to Boost Vulnerability Research with AI"
Researchers at Google's Project Zero introduced "Naptime," a framework to allow Large Language Models (LLMs) to perform vulnerability research.
-
"Meta's Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher"
Researcher Harish Santhanalakshmi Ganesan demonstrated the delivery of malware to Meta's Quest 3 headset. He took on claims that it is almost impossible to install malware on Quest 3 VR, and did it without enabling developer mode.
-
"Indonesia Says a Cyberattack Has Compromised Its Data Center but It Won’t Pay the $8 Million Ransom"
Indonesia’s national data center has recently been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.
-
"Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information"
High-end department store Neiman Marcus recently disclosed a data breach shortly before a hacker offered to sell information belonging to the company's customers.
-
"Chrome 126 Update Patches Memory Safety Bugs"
Google recently announced a new Chrome security update that addresses four high-severity memory safety vulnerabilities reported by external researchers.
-
"Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets"
Cryptocurrency portfolio manager CoinStats recently resumed activity after hackers drained over $2 million in virtual assets from 1,590 hosted wallets.
News