Executive Summary: In one of the largest thefts in digital asset history, hackers gained access to an offline Ethereum wallet and stole $1.5 billion worth of digital assets, primarily consisting of Ethereum tokens. The recent incident with Bybit marks a…
Category: EN
U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Power Pages vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Power Pages vulnerability, tracked as CVE-2025-24989, to its Known Exploited Vulnerabilities (KEV)…
Chinese Spies Allegedly Engaged in Ransomware Operations
Backed by the Chinese government, a cyber-espionage group has been observed engaging in ransomware-related activities as part of its intelligence activities. Further, this observation demonstrates how nation-state cyber operations and financially motivated cybercrimes have become increasingly convergent as a…
USAID Cybersecurity Aid to Ukraine Halted as Trump Administration Freezes Projects
Before and after Russia’s 2022 invasion, U.S.-funded initiatives played a crucial role in strengthening Ukraine’s cybersecurity. Many of these efforts, backed by the United States Agency for International Development (USAID), aimed to protect the country against cyber threats. However,…
Amazon Prime Phishing Campaign Siphons Login And Payment Info
The Cofense Phishing Defence Centre (PDC) has uncovered a new phishing campaign aimed particularly at Amazon Prime members, trying to steal login passwords, security answers, and payment details. The attacker sends out a well-crafted email mimicking Amazon, encouraging users…
Protect Your Security Cameras from Hackers with These Simple Steps
Security cameras are meant to keep us safe, but they can also become targets for hackers. If cybercriminals gain access, they can spy on you or tamper with your footage. To prevent this, follow these straightforward tips to ensure…
Cyber-Espionage Malware FinalDraft Exploits Outlook Drafts for Covert Operations
A newly identified malware, FinalDraft, has been leveraging Microsoft Outlook email drafts for command-and-control (C2) communication in targeted cyberattacks against a South American foreign ministry. Elastic Security Labs uncovered the attacks, which deploy an advanced malware toolset comprising a…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 34
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. You’ve Got Malware: FINALDRAFT Hides in Your Drafts Telegram Abused as C2 Channel for New Golang Backdoor Infostealing Malware Infections in…
Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lazarus APT stole…
Wireshark 4.4.4 Released, (Sun, Feb 23rd)
Wireshark release 4.4.4 fixes 1 vulnerability (%%CVE:2025-1492%%) and 12 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.4.4 Released, (Sun, Feb 23rd)
Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in…
Securing Payment Pages: A Complete Guide to PCI DSS 4.0.1 Compliance for SAQ A-EP Merchants
The post Securing Payment Pages: A Complete Guide to PCI DSS 4.0.1 Compliance for SAQ A-EP Merchants appeared first on Feroot Security. The post Securing Payment Pages: A Complete Guide to PCI DSS 4.0.1 Compliance for SAQ A-EP Merchants appeared…
New Zhong Stealer Malware Exploit Zendesk to Attack Fintech and Cryptocurrency
A newly identified malware, dubbed Zhong Stealer, has emerged as a significant threat to the fintech and cryptocurrency sectors. Any.run researchers discovered zhong malware during a phishing campaign between December 20 and 24, 2024, the malware exploits customer support platforms…
BlackBastaGPT – A ChatGPT Powered Tool to Uncover Ransomware Group Tactics
A new AI-powered chatbot, BlackBastaGPT, trained on over 1 million leaked internal messages from the Black Basta ransomware gang. Hudson Rock released the tool just days after the unprecedented data breach. It enables researchers to dissect the group’s operations, financial…
Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever
Crypto exchange Bybit was the victim of a sophisticated attack, and threat actors stole $1.5B worth of cryptocurrency from one of the company’s offline wallets. Crypto exchange Bybit suffered a sophisticated cyberattack, threat actors transferred over 400,000 ETH and stETH worth…
North Korea’s Lazarus Group Hacks Bybit, Steals $1.5 Billion in Crypto
North Korea’s notorious Lazarus Group reportedly stole $1.5 billion in cryptocurrency from the Bybit exchange in what is being called the largest hack in the controversial market’s history. It came the same day Coinbase executives said the SEC was dropping…
Hackers Target South America and Southeast Asia
A group of hackers has been caught running a large-scale cyber spying operation, now called REF7707. The attack was first noticed in November 2024 when strange activity was detected in the Foreign Ministry of a South American country. As…
Bybit Hack Drains $1.5 Billion From Cryptocurrency Exchange
Over 400,000 ETH and stETH worth more than $1.5 billion were stolen from the Bybit cryptocurrency exchange. The post Bybit Hack Drains $1.5 Billion From Cryptocurrency Exchange appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Russian State Actors Target Microsoft 365 Accounts Via Device Code Phishing Campaign
A hacking outfit potentially linked to Russia is running an active operation that uses device code phishing to target Microsoft 365 accounts of individuals at organisations of interest. The targets are in the government, non-governmental organisations (NGOs), IT services…
Hackers Leak 15,000 FortiGate Device Configs, IPs, and VPN Credentials
A newly identified hacking group, the Belsen Group, has leaked critical data from over 15,000 FortiGate devices on the dark web, making sensitive technical details freely available to cybercriminals. The leak includes configuration files, IP addresses, and VPN credentials,…