A newly identified wave of cyberattacks by the notorious Scattered Spider hacking group has zeroed in on help-desk administrators at major technology companies, leveraging advanced social engineering techniques to breach corporate defenses. Known for their adept use of psychological manipulation,…
Category: EN
Chrome Extensions Vulnerability Exposes API Keys, Secrets, and Tokens
A significant security vulnerability affecting millions of Chrome extension users has been discovered, revealing widespread exposure of sensitive API keys, secrets, and authentication tokens directly embedded in extension code. This critical flaw stems from developers hardcoding credentials into their JavaScript…
Microsoft Unveils European Security Program to Target Cybercriminal Networks
To combat malicious actors across Europe, Microsoft has introduced a comprehensive European Security Program designed to tackle sophisticated cybercriminal networks targeting European infrastructure. Announced in Berlin on June 4, 2025, the initiative specifically targets ransomware groups and state-sponsored threat actors…
Booking.com reservation abused as cybercriminals steal from travelers
Cybercriminals are abusing the hospitality industry and its booking platforms to defraud the travelers that visit them This article has been indexed from Malwarebytes Read the original article: Booking.com reservation abused as cybercriminals steal from travelers
In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA
Noteworthy stories that might have slipped under the radar: FBI issues an alert on BadBox 2 botnet, NSO disputing the $168 million WhatsApp fine, 1,000 people left CISA since Trump took office. The post In Other News: FBI Warns of…
OAuth Tokens: The Danger Behind the Commvault Breach
Discover what went wrong in the Commvault breach: How AppOmni’s powerful SaaS security platform steps in to stop threats before they strike. The post OAuth Tokens: The Danger Behind the Commvault Breach appeared first on AppOmni. The post OAuth Tokens:…
Adidas Confirms Data Leak After User Service Provider Hack
Adidas confirmed that a third-party customer service provider’s vulnerability allowed a threat actor to steal company data. Contact details of customers who have previously dealt with the Adidas customer service help desk are among the impacted data. However, passwords,…
NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU
iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: NICKNAME: Zero-Click…
ViperSoftX Malware Used by Threat Actors to Steal Sensitive Information
The AhnLab Security Intelligence Center (ASEC) has recently issued a detailed report confirming the persistent distribution of ViperSoftX malware by threat actors, with notable impact on users in South Korea and beyond. First identified by Fortinet in 2020, ViperSoftX is…
Microsoft Unveils European Security Effort to Disrupt Cybercrime Networks
A critical heap-based buffer overflow vulnerability, tracked as CVE-2025-24993, has been discovered in the Windows New Technology File System (NTFS), posing a significant threat to millions of Windows users globally. The flaw, patched during Microsoft’s March 2025 Patch Tuesday, was…
New Mirai Variant Exploits TBK DVR Flaw for Remote Code Execution
The latest wave of Mirai botnet activity has resurfaced with a refined attack chain exploiting CVE-2024-3721, a critical command injection vulnerability in TBK DVR-4104 and DVR-4216 devices. This campaign leverages unpatched firmware to deploy a modified Mirai variant designed for…
86 million AT&T customer records reportedly up for sale on the dark web
The leaked data contains names, dates of birth, phone numbers, email addresses, street addresses, and social security numbers. This article has been indexed from Latest stories for ZDNET in Security Read the original article: 86 million AT&T customer records reportedly…
North Korea’s Innovative Laptop Farm Scam Alarms Cybersecurity Experts
A group of software engineers, many of whom secretly work on behalf of North Korea, has infiltrated major U.S. companies, many of which are Fortune 500 companies, by masquerading as American developers to obtain money from them. This has…
Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam
India’s Central Bureau of Investigation (CBI) has revealed that it has arrested four individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency…
Empower Users and Protect Against GenAI Data Loss
When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves…
Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
The ransomware group combines IT vendor impersonation and phishing frameworks like Evilginx to breach its targets This article has been indexed from www.infosecurity-magazine.com Read the original article: Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
U.S. Offers $10M Bounty for Information on RedLine Malware Creator
The US State Department has announced a reward of up to $10 million for information leading to the identification or location of Maxim Alexandrovich Rudometov, the alleged developer and administrator of the notorious RedLine infostealer malware. This action, under the…
No Excuses: Why Multi-Factor Authentication is Non-Negotiable
Breaches are not a matter of if but when, which is why relying solely on passwords is a dangerous oversight. As the Product Security Manager for Harmony SASE, I’ve seen the destruction firsthand, and I’m here to tell you that…
Uncle Sam moves to seize $7.7M laundered by North Korean IT worker ring
The cash has been frozen for more than two years The US is looking to finally capture the $7.74 million it froze over two years ago after indicting alleged money launderers it claims are behind North Korean IT worker schemes.……
3 Reasons to Visit IRONSCALES at Pax8 Beyond 2025
Pax8 Beyond is far from your average MSP conference. It’s the premier event for MSP professionals who want to learn, collaborate, and walk away with actionable insights to grow their business. From hands-on tech labs to game-changing breakout sessions and…