The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to […]
Washington Post Staffer Emails Targeted in Cyber Breach
Journalists’ Microsoft accounts were breached, which would have given attackers access to emails of staff reporters covering national security, economic policy, and China. The original […]
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network
The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible […]
Malicious Payload Found in JPEG Image Using Steganography and Base64 Obfuscation
Cybersecurity enthusiast Xavier shed light on a sophisticated method of hiding malicious payloads within seemingly innocuous JPEG images. This discovery has sparked significant interest in […]
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS Tokens and Sensitive Data
The JFrog Security Research team has uncovered a sophisticated malicious package named “chimera-sandbox-extensions” on the Python Package Index (PyPI), a widely used repository for Python […]
Washington Post Hacked – Multiple Journalists’ Email Accounts Compromised
The Washington Post confirmed late last week that its email systems were targeted in a cyberattack, resulting in the compromise of several journalists’ email accounts. […]
Katz Stealer Boosts Credential Theft with System Fingerprinting and Persistence Mechanisms
The emergence of Katz Stealer, a sophisticated information-stealing malware-as-a-service (MaaS) that is redefining the boundaries of credential theft. First detected this year, Katz Stealer combines […]
‘Water Curse’ Targets Infosec Pros Via Poisoned GitHub Repositories
The emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware. The […]
‘Grafana Ghost’ XSS flaw exposes 47,000 servers to account takeover
A newly discovered cross-site scripting (XSS) vulnerability in Grafana — a widely used open-source analytics and visualization platform for developers — has put thousands of […]
Erster Zero-Click-Angriff auf Microsoft 365 Copilot
Eine Lücke in Microsoft 365 Copilot ermöglicht es, sensible Daten zu stehlen. Tada Images – shutterstock.com Stellen Sie sich einen Angriff vor, der so heimlich […]