The Lumma InfoStealer malware has been observed leveraging weaponized PDF documents to target educational institutions. This sophisticated campaign exploits malicious LNK (shortcut) files disguised as legitimate PDFs, initiating multi-stage infection processes that compromise sensitive data. Educational infrastructures, often less fortified…
Category: EN
4 Million Stolen Credit Cards to Be Released for Free by B1ack’s Stash Marketplace
The cybersecurity community is on high alert as B1ack’s Stash, a known marketplace on the dark web, has announced a massive leak of 4 million stolen credit card details. The Dark Web Informer threat intelligence researchers posted on X state…
New LLM Vulnerability Let Attackers Exploit The ChatGPT Like AI Models
A newly uncovered vulnerability in large language models (LLMs) has raised significant concerns about the security and ethical use of AI systems like OpenAI’s ChatGPT. Dubbed “Time Bandit,” this exploit manipulates the temporal reasoning capabilities of LLMs. This enables the…
DEF CON 32 – Manufacturing Lessons Learned, Lessons Taught
Authors/Presenters: Tim Chase Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The…
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat…
Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension
SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using the .NET framework. This malware is notorious for its advanced obfuscation techniques, making it challenging to analyze and detect. Recently, cybersecurity researchers uncovered a new campaign…
US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware
Called it an ‘incident’ in SEC filing, but encrypted apps and data exfiltration suggest Lee just can’t say the R word US newspaper publisher Lee Enterprises is blaming its recent service disruptions on a “cybersecurity attack,” per a regulatory filing,…
Kai Cenat Swatted on Live Twitch Stream
Twitch streamer Kai Cenat was swatted during a live stream, shocking viewers. The event unfolded mid-stream, highlighting the risks streamers face from hoaxes. The post Kai Cenat Swatted on Live Twitch Stream appeared first on eSecurity Planet. This article has…
China-linked APT group Winnti targets Japanese organizations since March 2024
China-linked threat actor Winnti targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024 as part of a campaign dubbed RevivalStone. Researchers from cybersecurity firm LAC uncovered a new cyberespionage campaign, tracked as RevivalStone, carried out by the…
MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks
San Francisco startup secures $8.5 million in seed funding led by Valley Capital Partners to tackle browser-based malware attacks. The post MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks appeared first on SecurityWeek. This article has been indexed…
Threat Analysts Warn of the ‘Largest Data Breach’ After Elon Musk’s DOGE Controversy
The debate over Elon Musk’s Department of Government Efficiency continues, with the world’s richest man accused of snooping on some of America’s most sensitive data. The DOGE has been tasked with reducing government spending by a paltry $2 trillion,…
National Security Faces Risks from Cybercrime Expansion
The incidence of cyberattacks globally increased by 125% in 2021 compared to 2020, posing a serious threat to businesses and individuals alike. Phishing continues to be the most prevalent form of cybercrime worldwide and is expected to continue this…
DeepSeek AI Raises Data Security Concerns Amid Ties to China
The launch of DeepSeek AI has created waves in the tech world, offering powerful artificial intelligence models at a fraction of the cost compared to established players like OpenAI and Google. However, its rapid rise in popularity has also…
6 considerations for 2025 cybersecurity investment decisions
Cybersecurity professionals may be concerned about the constantly shifting threat landscape. From the increased use of artificial intelligence (AI) by malicious actors to the expanding attack surface, cybersecurity risks evolve, and defenders need to mitigate them. Despite a period of…
Snake Keylogger Variant Hits Windows, Steals Data via Telegram Bots
The New Snake Keylogger variant targets Windows users via phishing emails, using AutoIt for stealth. Learn how it… This article has been indexed from Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News Read the original article: Snake Keylogger…
Cybercriminals Embedded Credit Card Stealer Script Within ![]()
Tag
Cybersecurity researchers have uncovered a new MageCart malware campaign targeting e-commerce websites running on the Magento platform. This attack exploits <img> HTML tags to conceal malicious JavaScript skimmers, enabling cybercriminals to steal sensitive payment information while evading detection by security…
Weaponized PDFs Deliver Lumma InfoStealer Targeting Educational Institutions
A sophisticated malware campaign leveraging the Lumma InfoStealer has been identified, targeting educational institutions to distribute malicious files disguised as PDF documents. This campaign employs compromised school infrastructure to deliver weaponized LNK (shortcut) files masquerading as legitimate PDFs, initiating a…
New LLM Vulnerability Exposes AI Models Like ChatGPT to Exploitation
A significant vulnerability has been identified in large language models (LLMs) such as ChatGPT, raising concerns over their susceptibility to adversarial attacks. Researchers have highlighted how these models can be manipulated through techniques like prompt injection, which exploit their text-generation…
New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats
A recent study by researchers from the National University of Singapore and NCS Cyber Special Ops R&D explores how the MITRE ATT&CK framework can be enhanced to address the rapidly evolving landscape of cyber threats. The research synthesizes findings from…
Threat Actors Trojanize Popular Games to Evade Security and Infect Systems
A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of popular games. Exploiting the holiday season’s heightened torrent activity, the attackers distributed compromised game installers via torrent trackers. The campaign, which lasted for a month, primarily…