News
-
"Hundreds of LLM Servers Expose Corporate, Health & Other Online Data"Hundreds of open source Large Language Model (LLM) builder servers and dozens of vector databases leak sensitive data to the web.
-
"Iran-Backed Peach Sandstorm Hackers Deploy New Tickler Backdoor""Peach Sandstorm," an Iran-backed hacking group, has created a new custom multi-stage backdoor to infiltrate targets during cyber espionage operations.
-
"Iranian Hackers Work With Ransomware Gangs to Extort Breached Orgs""Pioneer Kitten" is an Iranian hacking group infiltrating US defense, education, finance, and healthcare organizations and extorting victims with affiliates of several ransomware operations.
-
"LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics""LummaC2" malware has reemerged, infiltrating and exfiltrating sensitive data. The infostealer malware actively exploits PowerShell commands. According to researchers at Ontinue, the latest variant of LummaC2 uses sophisticated tactics.
-
"BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave"According to Cisco Talos, "BlackByte" ransomware attackers have exploited a recently patched VMware ESXi hypervisor flaw while also abusing different vulnerable drivers to disable security.
-
"South Korean Spies Exploit WPS Office Zero-Day"ESET discovered a cyber espionage campaign, traced to the Seoul-aligned APT-C-60 group, that exploited a novel Remote Code Execution (RCE) vulnerability in WPS Office for Windows to launch a custom backdoor.
-
"Malware Delivered via Malicious Pidgin Plugin, Signal Fork"Threat actors have been delivering malware to users of instant messaging apps. They have used a malicious Pidgin plugin and an unofficial fork of the Signal app.
-
"DICK’s Shuts Down Email, Locks Employee Accounts After Cyberattack"DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, recently announced that confidential information was exposed in a cyberattack detected last Wednesday.
-
"Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites"According to security researchers at Defiant, a critical vulnerability in the WPML multilingual plugin for WordPress could expose over one million websites to remote code execution (RCE).
-
"950,000 Impacted by Young Consulting Data Breach"Software solutions provider Young Consulting recently notified over 950,000 individuals that their personal information was compromised in a data breach earlier this year.
-
"US Offering $2.5 Million Reward for Belarusian Malware Distributor"The US Department of State recently announced a $2.5 million reward for information leading to the arrest of a Belarusian national allegedly involved in the mass distribution of malware.