In 2019, Russian threat actors began targeting Texas-based business software provider SolarWinds. What started as a dry run to inject malware into SolarWinds’ networks evolved […]
Author: cyberbytes
Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse
Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by […]
Malicious npm Package in Koishi Chatbots Steals Sensitive Data in Real Time
Socket’s Threat Research Team has uncovered a dangerous npm package named koishi-plugin-pinhaofa, masquerading as a spelling-autocorrect helper for Koishi chatbots. Marketed innocently, this plugin embeds […]
Microsoft 365 Users Targeted by Tycoon2FA Linked Phishing Attack to Steal Credentials
A new wave of targeted phishing campaigns, linked to the Tycoon2FA group, has been identified specifically targeting Microsoft 365 users. Security researchers have observed that […]
Critical pfSense Firewall Flaws Enable Attackers to Inject Malicious Code
Security researchers have uncovered three critical vulnerabilities in pfSense firewall software that could allow attackers to inject malicious code, corrupt configurations, and potentially gain unauthorized […]
CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog
Cybersecurity and Infrastructure Security Agency (CISA) has added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog, […]
W3LL Phishing Kit Launches Active Campaign to Steal Outlook Login Credentials
Cybersecurity researchers have recently uncovered a sophisticated phishing campaign leveraging the notorious W3LL Phishing Kit. Originally identified by Group-IB in 2022, W3LL differentiates itself in […]
Tor Browser 14.5.2 Released: Bug Fixes and Enhanced Features
Tor Project has launched Tor Browser 14.5.2, a significant update addressing security vulnerabilities, refining cross-platform functionality, and enhancing build system reliability. This release integrates critical […]
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against […]
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
Security researchers showcased 28 zero-day vulnerabilities during the Pwn2Own contest held during the OffensiveCon conference in Berlin that ended on Saturday. The flaws allowed ethical […]