Researchers have discovered a sophisticated information stealer campaign that distributes "DanaBot" and "StealC" malware by impersonating legitimate brands.

Palo Alto Networks found a threat actor extorting organizations after compromising their cloud environments using accidentally exposed environment variables.

According to Radware, Distributed Denial-of-Service (DDoS) attacks increased by 265 percent in the first half of 2024 compared to the same period in 2023.

Cybercriminals are advertising a new macOS malware that they claim is capable of stealing a wide range of data from compromised systems.  The malware is called Banshee Stealer and is believed to have been developed by Russian threat actors.

Independent researcher Matt Burch presented findings on "financial" or "enterprise" ATMs used in banks and other large institutions at the DEF CON hacking conference.

Security experts urge Windows system administrators to patch a pre-auth Remote Code Execution (RCE) vulnerability in the Windows TCP/IP stack, warning that zero-click exploitation is highly likely.

Selections by dgoff

A new attack vector in GitHub Actions artifacts, called "ArtiPACKED," could be used to take over repositories and access organizations' cloud environments.

Researchers at FortiGuard Labs have uncovered a sophisticated "ValleyRAT" malware campaign targeting Windows users in China. The threat actors behind the campaign seek to take over compromised machines.

According to security researchers at Dragos, there was a significant increase in ransomware attacks on industrial organizations in the second quarter of 2024 compared to the previous quarter.

"RansomHub" ransomware operators are now using new malware named "EDRKillShifter" to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks.

EPFL researchers in computer and communication sciences discovered 31 critical security vulnerabilities in the Android system and developed ways to mitigate some of them.