Google recently announced the April 2023 security updates for Android devices, with patches for over 65 vulnerabilities, including two critical bugs leading to remote code execution (RCE).  Google’s Android security bulletin for April 2023 describes…

Google recently announced the release of Chrome 112 in the stable channel with patches for 16 vulnerabilities, including 14 reported by external researchers.  Of the externally reported flaws, two are rated high severity, nine have a medium severity…

eFile[.]com, an online service that helps individuals file tax returns, was recently injected with malicious code that led to malware being delivered to visitors.  The software service, which is authorized by the Internal Revenue Service (IRS),…

The creators of the Typhon information-stealing malware claimed on a dark web forum that they had updated the malware to a new version, which they now market as "Typhon Reborn V2." They revealed improvements intended to prevent analysis via anti-…

The FBI has shut down its second cybercriminal forum of the year. The Genesis Market, known and used by hackers worldwide, has been seized in the global sting called Operation Cookie Monster. In the hacker community, Genesis Market is an invitation-only…

CryptoClippy, a new malware capable of stealing cryptocurrency, is currently targeting Portuguese users as part of a malvertising campaign. The activity involves Search Engine Optimization (SEO) poisoning techniques to lure people searching for "WhatsApp…

New research by Resecurity has uncovered the STYX Innovation Marketplace, a new cybercriminal e-commerce platform with a focus on financial fraud and money laundering. STYX was introduced at the start of 2023, providing cybercriminals with various…

A security researcher has tricked ChatGPT into creating sophisticated data-stealing malware that signature- and behavior-based detection tools will be unable to identify, evading the chatbot's anti-malicious-use protections. Without writing code, the…

According to research from the University of Southampton, individuals should engage in "analytical reasoning" in order to avoid being tricked by a fraudulent website. Those with slower, more deliberate thought processes were found to be less likely to…

Rorschach is a potentially record-breaking ransomware in regard to encryption speeds. It has been found in the wild, locking up systems at nearly twice the rate of the infamous LockBit 3.0 malware. According to tests conducted by Check Point Research (…

Using a malicious Self-Extracting Archive (SFX) file, an unknown threat actor attempted to establish persistent backdoor access to a victim's environment, according to new CrowdStrike findings. SFX files can extract the data within them without the need…

Attackers are abusing the reputation and openness of the popular public JavaScript software registry NPM to spread malware and carry out scams, while launching Distributed Denial-of-Service (DoS) attacks against the service at the same time. According to…