A major US energy company was the target of a phishing campaign that sent more than 1,000 emails containing malicious QR codes designed to steal Microsoft credentials. The campaign, which Cofense discovered in May, used both PNG image attachments and…

LinkedIn users are the target of an ongoing account hijacking campaign. They are getting locked out of their accounts. The threat actors behind the malicious campaign are holding the compromised accounts for ransom. The Cyberint research team has…

Cleaning products manufacturer and marketer Clorox recently announced that it has taken certain systems offline in response to a cyberattack.  In a statement, the organization said it recently identified unusual activity on its IT systems.  …

Experts from Arizona State University (ASU) are bringing further attention to how ChatGPT and other Artificial Intelligence (AI)-driven chatbots threaten national security. According to Nadya Bliss, executive director of ASU's Global Security Initiative…

According to SafeBreach researcher Or Yair, Microsoft's OneDrive file-sharing program can be used as ransomware to encrypt most files on a target machine beyond recovery, partly because Windows and Endpoint Detection and Response (EDR) programs…

According to federal officials investigating Distributed Denial-of-Service (DDoS) incidents, most attacks stem from business or gaming disputes. In recent years, much media coverage of DDoS attacks has centered on groups affiliated with or supporting…

The Colorado Department of Health Care Policy and Financing (HCPF) has recently revealed that the personal information of millions of individuals was compromised in a data breach resulting from the recent MOVEit cyberattack.  The HCPF informed the…

Researchers at Akamai warn of ongoing attacks, dubbed Xurum, against e-commerce websites using the Magento 2 Content Management System (CMS). Attackers are exploiting a server-side template injection vulnerability, tracked as CVE-2022-24086, with a CVSS…

A new cybersecurity threat known as QwixxRAT, a Remote Access Trojan (RAT), was recently discovered by the Uptycs Threat Research team in early August 2023.  According to the researchers, QwixxRAT has caught attention due to its unusual distribution…

The npm package registry has been hit in yet another highly targeted attack campaign aimed at luring developers to download malicious modules. According to the software supply chain security company Phylum, the activity resembles a previous attack wave…

The National Institute of Standards and Technology's (NIST) Cybersecurity Framework (CSF) has been updated, and is now aimed at organizations of all sizes. The framework was introduced nearly a decade ago as technical cybersecurity guidance for critical…

The FBI has issued a warning about a new tactic used by cybercriminals to steal cryptocurrency. The tactic involves the promotion of malicious "beta" versions of cryptocurrency investment apps on mobile app stores. The threat actors submit the apps to…