6 posts were published in the last hour 16:2 : Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack 15:32 : CISA Warns of KUNBUS Auth Bypass Vulnerabilities Exposes Systems to Remote Attacks 15:32 : AsyncRAT Dark…
Hackers Weaponize Go Modules to Deliver Disk‑Wiping Malware, Causing Massive Data Loss
Cybersecurity researchers uncovered a sophisticated supply chain attack targeting the Go programming language ecosystem in April 2025. Hackers have weaponized three malicious Go modules-github[.]com/truthfulpharm/prototransform, github[.]com/blankloggia/go-mcp, and github[.]com/steelpoor/tlsproxy-to deploy devastating disk-wiping malware. Leveraging the decentralized nature of Go’s module system, where…
RansomHub Taps SocGholish: WebDAV & SCF Exploits Fuel Credential Heists
SocGholish, a notorious loader malware, has evolved into a critical tool for cybercriminals, often delivering payloads like Cobalt Strike and, more recently, RansomHub ransomware. Darktrace’s Threat Research team has tracked multiple incidents since January 2025, where threat actors exploited SocGholish…
DragonForce group claims the theft of data after Co-op cyberattack
Hackers claim Co-op cyberattack is worse than admitted, with major customer and employee data stolen, and provide proof to the BBC. The attackers behind the recent Co-op cyberattack, who go online with the name DragonForce, told the BBC that they…
AsyncRAT Dark Mode – New Version of AsyncRAT on GitHub With Remote Access & Monitoring
A new, modified version of the popular AsyncRAT tool, dubbed AsyncRAT Dark Mode, has been released on GitHub, offering users a modernized interface and enhanced functionality for remote system monitoring and control. This open-source project introduces a stylish dark theme,…
Pakistan State-sponsored Hackers Attack Indian Websites, Attempts Blocked
Pakistan’s cyber warfare against India Recently, Pakistan state-sponsored hacker groups launched multiple failed hacking attempts to hack Indian websites amid continuous cyber offensives against India after the Pahalgam terror attack. These breach attempts were promptly identified and blocked by the…
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system’s primary disk and render it unbootable. The names of the packages are listed below – github[.]com/truthfulpharm/prototransform github[.]com/blankloggia/go-mcp…
CISA Warns of KUNBUS Auth Bypass Vulnerabilities Exposes Systems to Remote Attacks
CISA has issued an urgent advisory highlighting critical vulnerabilities in KUNBUS GmbH’s Revolution Pi industrial automation devices. These flaws, which include authentication bypass and remote code execution risks, threaten sectors like manufacturing, energy, and healthcare. Attackers can disrupt operations, manipulate…
AsyncRAT Dark Mode – New Version of AsyncRAT on GitHub With New Features
A new, modified version of the popular AsyncRAT tool, dubbed AsyncRAT Dark Mode, has been released on GitHub, offering users a modernized interface and enhanced functionality for remote system monitoring and control. This open-source project introduces a stylish dark theme,…
Bsideslv24 – Proving Ground – Unleashing The Future Of Development: The Secret World Of Nix & Flakes
Author/Presenter: Jason Odoom Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink The post Bsideslv24…
Bitdefender Warns of Surge in Subscription Scams Disguised as Online Stores and Mystery Boxes
Cybersecurity researchers at Bitdefender have uncovered a sharp increase in deceptive online subscription scams, with fraudsters disguising themselves as legitimate e-commerce platforms and mystery box vendors. These sophisticated schemes are luring unsuspecting users into handing over sensitive credit card…
North Korean Hackers Create Fake U.S. Firms to Dupe Crypto Developers
Threat analysts at Silent Push, a U.S. cybersecurity firm, told Reuters that North Korean cyber spies established two companies in the U.S., Blocknovas LLC and Softglide LLC, using fictitious personas and addresses to infect developers in the cryptocurrency industry…
Phishing Emails Impersonating Qantas Target Credit Card Info
Fake Qantas emails in a sophisticated phishing scam steal credit card and personal info from Australians, bypassing major… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Phishing Emails…
Many Internet Users Suffer Account Breaches Due to Weak Passwords, Study Finds
A recent study has shown that more than one in three people have had at least one of their online accounts broken into during the past year. The main reason? Poor or stolen passwords. The report comes from the…
Coinbase Fixes Account Log Bug That Mistakenly Triggered 2FA Breach Alerts
Coinbase has resolved a logging issue in its system that led users to wrongly believe their accounts had been compromised, after failed login attempts were mistakenly labeled as two-factor authentication (2FA) failures. As first uncovered by BleepingComputer, the bug…
Yemeni Man Charged in U.S. for Black Kingdom Ransomware Deployed on Schools & Business Networks
A Yemeni national, Rami Khaled Ahmed, aged 36, has been indicted by federal authorities in the Central District of California for allegedly orchestrating a cyberattack campaign using Black Kingdom ransomware to extort victims, the U.S. Department of Justice announced. Ahmed…
Hackers Using Weaponized PDF To Deliver Remcos RAT Malware on Windows
Researchers at Trustwave SpiderLabs has uncovered a sophisticated malspam campaign distributing the notorious RemcosRAT malware on windows. The campaign leverages a deceptive fake payment notice disguised as a SWIFT copy to trick victims into downloading a malicious PDF, ultimately leading…
How Riot Games is fighting the war against video game hackers
Riot’s “anti-cheat artisan” Phillip Koskinas explains how he and his team go after cheaters and cheat developers to protect the integrity of games, such as Valorant and League of Legends. This article has been indexed from Security News | TechCrunch…
Critical “AirBorne” Vulnerabilities in Apple AirPlay – Billions of Devices at Risk
The Oligo Security researchers have uncovered a significant set of 23 vulnerabilities, dubbed “AirBorne,” affecting Apple’s AirPlay protocol… The post Critical “AirBorne” Vulnerabilities in Apple AirPlay – Billions of Devices at Risk appeared first on Hackers Online Club. This article…
Hacking Spree Hits UK Retail Giants
Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death. This article has been indexed…
U.S. CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server…
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February…
U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems
The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States. Rami Khaled Ahmed of Sana’a, Yemen,…
IT Security News Hourly Summary 2025-05-03 09h : 1 posts
1 posts were published in the last hour 6:31 : The Paramount Importance of Strong Passwords and Credential Hygiene
Steganography Challenge, (Sat, May 3rd)
If you are interested in experimenting with steganography and my tools, I propose the following challenge. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Steganography Challenge, (Sat, May 3rd)
The Paramount Importance of Strong Passwords and Credential Hygiene
“This World Password Day is a timely reminder that strong passwords are more than just a best practice, they are critical to safeguarding our personal and professional digital lives. In a world where our data is stored, processed, and accessed…
Post-Breach Recovery – A CISO’s Guide to Reputation Management
In an era where data breaches increasingly dominate headlines, Chief Information Security Officers (CISOs) face unprecedented pressure to mitigate technical fallout and salvage organizational trust. The 2024 FTC settlement with Marriott International, a $52 million penalty for systemic security failures,…