Flare researchers found that Tudou Guarantee’s shutdown fueled the rapid rise of competing cybercrime marketplaces. The post Tudou Guarantee Successors Expand Cybercrime Marketplace appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article:…
Category: EN
INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million
INTERPOL’s Operation First Light 2026 led to 5,811 arrests, blocked $293M in criminal assets, and disrupted global fraud and money laundering networks. INTERPOL coordinated a four-month operation across 97 countries and territories that ended with 5,811 arrests and the interception…
Microsoft Warns of GigaWiper Backdoor Built to Destroy Windows PCs
Microsoft details GigaWiper, a destructive Windows backdoor that can wipe disks, encrypt files and give attackers remote access to compromised systems globally. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…
China Warns of Claude Code ‘Backdoor’ Security Risk
China warned organizations to remove certain Claude Code versions over alleged backdoor risks, while Anthropic called the feature anti-abuse protection. The post China Warns of Claude Code ‘Backdoor’ Security Risk appeared first on TechRepublic. This article has been indexed from…
Common MFA mistakes — and how to fix them
<p>MFA has long been one of the most effective security controls an organization can deploy. It’s inexpensive compared to many security technologies, relatively easy to implement and capable of stopping a large percentage of credential-based attacks.</p> <p>It’s not a coincidence…
RedHook Android RAT Abuses ADB Wireless Debugging to Gain Shell-Level Access
A resurfaced Android banking trojan called RedHook has returned with a dangerous new trick, hijacking a legitimate developer feature to quietly seize deep control of infected phones. Rather than relying on complex exploits, the malware weaponizes ADB Wireless Debugging, a…
ACSC Warns of Large-Scale CMS Exploitation Campaign Deploys Webshells on Vulnerable Websites
A large hacking campaign is sweeping across websites worldwide, turning ordinary content management systems into launchpads for attackers. Small and medium sized businesses in Australia and beyond are finding their web servers quietly hijacked, often without obvious warning signs. The…
GodDamn Ransomware Rebrands From Beast and Uses PoisonX Driver to Disable Defenses
GodDamn ransomware has emerged as a serious threat, marking the third rebrand of a family that has quietly evolved since 2022. What makes this variant stand out is not just its encryption ability but the malicious kernel driver it uses…
Why Embedded Device Security Requires a Lifecycle Approach
As embedded devices remain in service for decades, organizations need continuous visibility to manage evolving software and firmware risks. The post Why Embedded Device Security Requires a Lifecycle Approach appeared first on eSecurity Planet. This article has been indexed from…
WolfSSL, GeoVision, VTK vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in WolfSSF, fourteen in GeoVision, and one vulnerability in VTK-DICOM. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party…
GodDamn Ransomware Uses PoisonX to Blind Security Software
GodDamn ransomware uses the signed PoisonX driver to disable security tools, marking a more advanced version of the Beast ransomware family. Symantec’s Threat Hunter Team found a new ransomware family called GodDamn that first appeared in the wild on May…
New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from. Each is…
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
Datadog Security Labs is warning of “several overlapping campaigns” that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. “Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that…
HP Linux Printing Software Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A critical security vulnerability has been identified in HP Linux Imaging and Printing (HPLIP) software that could allow remote attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2026-14544, carries a high-severity CVSS v3 score of 9.8,…
Hackers Abuse Microsoft Entra Passkey Enrollment to Hijack Enterprise Accounts
Cybercriminals have found a new way to hijack corporate Microsoft accounts by exploiting the very feature meant to protect them: passkeys. A threat group tracked as O UNC 066, also called Pink by Palo Alto Networks Unit 42, has run…
RoundCube 0-Click Vulnerability Enables Stored XSS Attack via MIME Type Attachment
Roundcube has released version 1.7 to patch six security vulnerabilities, including two critical stored cross-site scripting (XSS) flaws that require zero user interaction to exploit. The update addresses issues discovered by researchers at Samsung R&D Institute Ukraine (SRUKR), among others,…
A Hacker Used AI to Compromise an AWS Cloud Environment in Just 72 Hours
A large-scale AWS intrusion reveals how AI-assisted attackers can chain familiar cloud techniques to move from initial access to full environmental compromise in roughly 72 hours, not through novel exploits, but through unprecedented speed, scale, and orchestration. According to Sygnia’s…
Microsoft Adopts AI-Powered Scanning to Find Vulnerabilities Before Attackers
Microsoft has formally expanded its use of artificial intelligence in vulnerability discovery, deploying a proprietary multi-model agentic scanning system across the Windows codebase to identify and patch security flaws before adversaries can exploit them a move that is already reshaping…
Winning 54% of the time
With Wimbledon’s help, Hazel argues against the popular myth that “Attackers only need to be right once, but defenders need to be right 100% of the time.” This article has been indexed from Cisco Talos Blog Read the original article:…
AssuranceAmerica Data Breach Exposes Nearly 7 Million Drivers
AssuranceAmerica disclosed a data breach affecting nearly 7 million people after attackers compromised an employee account. The post AssuranceAmerica Data Breach Exposes Nearly 7 Million Drivers appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…