Threat actors are using an updated version of a malware loader known as BLISTER in SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic. According to Elastic Security Labs researchers, the new BLISTER…

Hackers are exploiting two MinIO vulnerabilities to compromise object storage systems, gain access to private information, execute arbitrary code, and take control of servers. MinIO is an open-source object storage service compatible with Amazon S3 and…

The Zero Day Initiative (ZDI) has announced that over $1 million in cash and prizes will be offered at the first Pwn2Own hacking contest centered on car systems. The competition, named Pwn2Own Automotive, will consist of four categories: all things Tesla…

When considering how to invest their budgets, Original Equipment Manufacturers (OEMs) and their suppliers may be tempted to invest less in addressing cyber threats. So far, the attacks they have encountered have not been very sophisticated or harmful.…

British mesh fencing systems maker Zaun has recently disclosed that a LockBit ransomware attack potentially led to the compromise of data related to UK military and intelligence sites.  Headquartered in Wolverhampton, Zaun specializes in high-…

A non-profit organization used by millions on both sides of the Atlantic to recycle their possessions has admitted to suffering a data breach last month.  The US-based Freecycle Network, which is also registered as a charity in the UK, claimed in an…

An unidentified hacker gained administrative control of Sourcegraph, an Artificial Intelligence (AI)-powered service used by developers at Uber, Reddit, Dropbox, and other companies. Through this control, the hacker provided free access to resources…

Customers of Okta, one of the leading providers of authentication services and Identity and Access Management (IAM) systems, report social engineering attacks targeting their Information Technology (IT) service desks to compromise administrator-level…

According to cybersecurity experts, critical infrastructure operators can use traditional but increasingly innovative security practices to prevent emerging threats related to extreme heat waves, massive storms, and other weather events exacerbated by…

Researchers at Securonix found ransomware campaigns using Internet-exposed Microsoft SQL (MSSQL) databases as a launching point for attacks against victim systems. Oleg Kolesnikov, vice president of threat research at Securonix, says the typical attack…

The Telegram messaging application has become cybercriminals' go-to assistant for various cyberattacks, as it provides services similar to those found on the dark web via a more accessible platform. Phishing and other cyberattack services are often…

​Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.