A group of computer scientists discovered an architectural flaw in certain recent Intel CPUs that can be exploited to reveal SGX enclave data such as private encryption keys. It is referred to as AEPIC Leak because it affects the memory-mapped registers…

The United States has recently placed sanctions on Tornado Cash, a leading "crypto mixer" for transactions in virtual currency that US officials describe as a hub for laundering stolen funds, including by North Korean hackers. The Treasury stated that…

Mobile phones can be abused to enable stalking through location tracking, account compromise, and remote surveillance methods. Although experts can assist victims in detecting and recovering from this type of technology abuse, researchers at Carnegie…

IBM recently announced patches for multiple high-severity vulnerabilities impacting products such as Netezza for Cloud Pak for Data, Voice Gateway, and SiteProtector.  Three vulnerabilities were resolved in IBM Netezza for Cloud Pak for Data, all of…

Microsoft Office has started publishing Office symbols for Windows to help bug hunters find and report security issues.  Microsoft noted that symbols are pieces of information used during debugging and are contained within Symbol files, which are…

In most cases, IBM's X-Force Red ethical hacking team has been able to gain access to Source Code Management (SCM) systems in an adversary simulation engagement. Access to SCM systems provides attackers with opportunities for software supply chain…

Meta, Facebook's parent company, took action earlier this year against two cross-platform cyberespionage operations that relied on multiple websites for malware distribution. Bitter APT is the first hacking group that Meta shut down in the second quarter…

In a recently observed phishing campaign aimed at taking over Coinbase accounts and defrauding users of their cryptocurrency balances, threat actors are circumventing two-factor authentication (2FA) and employing other evasion tactics. Coinbase is a…

Hackers linked to the North Korean Lazarus group attempted to steal cryptocurrency from deBridge Finance, a cross-chain protocol that allows for the decentralized transfer of assets between blockchains. The threat actor tricked company employees into…

Since January 2022, over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have been targeted to steal confidential data using six different backdoors. The attacks were attributed "with a high degree of…

Following notification from a security vendor, administrators of the Python Package Index (PyPI) removed ten malicious software code packages from the registry. The incident is the most recent in a long line of recent instances in which threat actors…

Security researchers at Inky have discovered that open redirect vulnerabilities affecting American Express and Snapchat websites were exploited earlier this year as part of phishing campaigns targeting Microsoft 365 users.  The researchers noted…