The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a malware […]
Author: cyberbytes
Beware of Instagram Growth Tools Stealing Login Credentials and Sending Them to Attackers
A discovery by Socket’s Threat Research Team has unveiled a malicious Python package named imad213, masquerading as an Instagram growth tool. Created by a threat […]
United Natural Food’s Operations Limp Through Cybersecurity Incident
It’s unclear what kind of cyberattack occurred, but UNFI proactively took certain systems offline, which has disrupted the company’s operations. ​The original article found on […]
SAP NetWeaver Vulnerability Allows Attackers to Escalate Privileges
A critical vulnerability in the SAP NetWeaver Application Server AS ABAP has been disclosed under SAP Security Note #3600840, carrying a near-maximum CVSS score of […]
North Korean APT Hackers Target Users on Social Media to Spread Malware
The Genians Security Center (GSC) has uncovered a highly sophisticated Advanced Persistent Threat (APT) campaign orchestrated by the North Korean state-sponsored hacking group Kimsuky. Active […]
_Aleksey_Funtap_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
SSH Keys: The Most Powerful Credential You’re Probably Ignoring
SSH keys enable critical system access but often lack proper management. This security blind spot creates significant risk through untracked, unrotated credentials that persist across […]
Poisoned npm Packages Disguised as Utilities Aim for System Wipeout
Backdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to software supply chains. ​The original article found […]
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that’s being propagated via fraudulent gaming websites. “Upon execution, the […]
Ivanti Workspace Control Vulnerability Lets Attackers Remotely Exploit To Steal the Credential
Ivanti has released a critical security update for its Workspace Control software, patching three high-severity vulnerabilities that could allow attackers to compromise sensitive credentials. The […]
Severe SAP NetWeaver Vulnerability Allows Attackers to Bypass Authorization Checks
SAP has released nineteen security patches in its June Patch Day, addressing critical vulnerabilities that could allow attackers to bypass authorization controls and escalate privileges […]