A sophisticated social engineering campaign has surfaced on TikTok, leveraging the platform’s massive user base and algorithmic reach to distribute information-stealing malware, specifically Vidar and […]
GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool
The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent […]
Facebook’s New AI Tool Asks to Upload Your Photos for Story Ideas, Sparking Privacy Concerns
Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas […]
Cybercriminals Exploit CapCut Popularity to Steal Apple ID Credentials and Credit Card Data
Threat actors have capitalized on the immense popularity of CapCut, the leading short-form video editing app, to orchestrate a highly deceptive phishing campaign. According to […]
Malicious Passlib Python Package Triggers Windows Shutdowns with Invalid Inputs
A deceptive and destructive Python package named psslib, uncovered by Socket’s Threat Research Team, poses a severe risk to developers by masquerading as a legitimate […]
Top Apple, Google VPN Apps May Help China Spy on Users
Apple and Google espouse strong values about data privacy, but they allow programs from a Big Brother state to thrive on their app stores, researchers […]
‘CitrixBleed 2’ Shows Signs of Active Exploitation
If exploited, the critical vulnerability allows attackers to maintain access for longer periods of time than the original CitrixBleed flaw, all while remaining undetected. The […]
Exploitation of Microsoft 365 Direct Send to Deliver Phishing Emails as Internal Users
A sophisticated phishing campaign targeting over 70 organizations, predominantly in the US, has been uncovered by Varonis’ Managed Data Detection and Response (MDDR) Forensics team. […]
Threat Actors Leverage Windows Task Scheduler to Embed Malware and Maintain Persistence
A comprehensive follow-up analysis to the FortiGuard Incident Response Team’s (FGIR) investigation titled “Intrusion into Middle East Critical National Infrastructure” has revealed a protracted cyberattack […]
Threat Actors Use Clickfix Tactics to Deploy Malicious AppleScripts for Stealing Login Credentials
In a recent discovery by the CYFIRMA research team, a sophisticated malware campaign dubbed Odyssey Stealer has been uncovered, targeting macOS users through a deceptive […]