A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely. | Continue reading
The North Korean-backed Lazarus hacking group used new malware with backdoor capabilities dubbed Vyveva by ESET researchers in targeted attacks against a South African freight logistics company. | Continue reading
Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign. | Continue reading
Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers. | Continue reading
A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing Windows passwords. | Continue reading
Cisco has released security updates to address a pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software's user management function. | Continue reading
A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. | Continue reading
Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots. | Continue reading
Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack. | Continue reading
During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform. | Continue reading
Facebook has now released a public statement clarifying the cause of and addressing some of the concerns related to the recent data leak. As reported last week, information of about 533 million Facebook profiles surfaced on a hacker forum. | Continue reading
Newly discovered Android malware found on Google's Play Store disguised as a Netflix tool is designed to auto-spread to other devices using WhatsApp auto-replies to incoming messages. | Continue reading
A recently created ransomware decryptor illustrates how threat actors have to support Windows XP, even when Microsoft dropped supporting it seven years ago. | Continue reading
Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site's recent data leak. | Continue reading
The European Commission and several other European Union organizations were hit by a cyberattack in March according to a European Commission spokesperson. | Continue reading
A Russian hacker has sold on a top-tier underground forum close to 900,000 gift cards with a total value estimated at $38 million. | Continue reading
Ireland's Data Protection Commission (DPC) is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users. | Continue reading
Threat actors are targeting mission-critical SAP enterprise applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks. | Continue reading
A malicious document builder named EtterSilent is gaining more attention on underground forums, security researchers note. As its popularity increased, the developer kept improving it to avoid detection from security solutions. | Continue reading
After a shared Google Drive was posted online containing the private videos and images from many OnlyFans accounts, a researcher has created a tool allowing content creators to check if they are part of the leak. | Continue reading
The new Chromium-based Microsoft Edge browser has grown by over 1,300% in the past 12 months, while the Firefox browser is slowly losing its market share. | Continue reading
Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Defender antivirus, now comes with support for Windows 10 on Arm devices. | Continue reading
Data breach notification service Have I Been Pwned can now be used to check if your personal information was exposed in yesterday's Facebook data leak that contains the phone numbers and information for over 500 million users. | Continue reading
The Windows 10 21H1 feature update, also known as the Spring 2021 Udpate, is being released in April or May 2021. Find out what's new , how to get it, and more. | Continue reading
Canadian IoT solutions provider Sierra Wireless announced that it resumed production at its manufacturing sites after it halted it due to a ransomware attack that hit its internal network and corporate website on March 20. | Continue reading
A malware cyberattack on emissions testing company Applus Technologies is preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. | Continue reading
The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free. | Continue reading
Rust developers have repeatedly raised concerned about a privacy issue over the last few years. Rust has rapidly gained momentum among developers, for its focus on performance, safety, safe concurrency, and for having a similar syntax to C++. However, developers have been bothere … | Continue reading
Stolen personal and financial information of students at Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group earlier this week. | Continue reading
Microsoft has revealed that Thursday's worldwide outage was caused by a code defect that allowed the Azure DNS service to become overwhelmed and not respond to DNS queries. | Continue reading
GitHub Actions has been abused by attackers to mine cryptocurrency using GitHub's servers, automatically.The particular attack adds malicious GitHub Actions code to repositories forked from legitimate ones, and further creates a Pull Request for the original repository maintainer … | Continue reading
GitHub Arctic Code Vault has likely inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked on GitHub repositories last year that are now part of a collection of open-source contributions bound to last a 1,000 year … | Continue reading
Brown University, a private US research university, had to disable systems and cut connections to the data center after suffering a cyberattack on Tuesday. | Continue reading
Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang who is demanding a $24 million ransom. | Continue reading
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits. | Continue reading
The popular Twitch AdBlock extension has been removed from both Chrome Web Store and Firefox Addons. Twitch AdBlock was the choice of extension among Twitch users for restricting ads when using Twitch. The extension's author stated before its removal, the ad blocker had over 150, … | Continue reading
Cybersecurity firm Qualys said today that the attackers who breached its Accellion FTA server didn't infiltrate the company's production and corporate environments. | Continue reading
US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019. | Continue reading
Fueled by large payments from victims, ransomware gangs have started to demand ridiculous ransoms from organizations that can not afford them. An example of this is a recently revealed ransomware attack on the Broward County Public Schools district where threat actors demanded a … | Continue reading
GitHub Arctic Code Vault has inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked on GitHub repositories last year that are now part of a collection of open-source contributions bound to last a 1,000 years. | Continue reading
A massive phishing campaign reaching tens of thousands of inboxes impersonated the MacKenzie Bezos-Scott grant foundation promising financial benefits to recipients in exchange of a processing fee. | Continue reading
The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information. | Continue reading
After taking over the domains for the notorious Coinhive in-browsing Monero mining service, a researcher is now displaying alerts on hacked websites that are still injecting the mining service's JavaScript. | Continue reading
VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers. | Continue reading
Microsoft has fixed an Outlook bug that blocked users from forwarding or replying to emails containing embedded hyperlinks pointing to long URLs. | Continue reading
Networking device maker Ubiquiti has confirmed that it was the target of an extortion attempt following a January security breach, as revealed by a whistleblower earlier this week. | Continue reading
The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks. | Continue reading
Distributed denial-of-service (DDoS) attacks started strong this year, setting new records and taking the extortion trend that started last August to the next level. | Continue reading