Threat actors have rapidly compromised more than 100 SonicWall SSL VPN accounts pertaining to over a dozen entities. The post SonicWall SSL VPN Accounts in Attacker Crosshairs appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Tag: EN
Sensitive Information of NSW Flood Victims Mistakenly Entered into ChatGPT
A serious data breach involving the personal details of thousands of flood victims has been confirmed by the New South Wales government in an unsettling development that highlights the fragile boundary between technology and privacy. There has been an…
Clop Ransomware Exploits Oracle Zero-Day in Major Extortion Campaign
The Clop ransomware gang has orchestrated a massive extortion campaign targeting Oracle E-Business Suite customers by exploiting a critical zero-day vulnerability tracked as CVE-2025-61882. The vulnerability, which carries a CVSS score of 9.8, affects Oracle EBS versions 12.2.3 through…
Qilin Ransomware Hits Beer Giant Asahi
A cyberattack has temporarily disrupted the operations of Asahi Group Holdings, Japan’s largest brewing company. The Qilin ransomware group has taken The post Qilin Ransomware Hits Beer Giant Asahi first appeared on CyberMaterial. This article has been indexed from CyberMaterial…
Harvard Probes Breach Tied To Oracle Flaw
Harvard University is investigating a data breach after the notorious Clop ransomware gang listed the school on its data leak site. The group claims to have stolen data The post Harvard Probes Breach Tied To Oracle Flaw first appeared on…
Rust Malware ChaosBot Exploits Discord
A new backdoor, dubbed ChaosBot, has been discovered by cybersecurity researchers. The malware, which is written in the Rust programming language The post Rust Malware ChaosBot Exploits Discord first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read…
Fake Inflation Refund Text Scam Hits NY
An ongoing text message scam is targeting New Yorkers, impersonating the Department of Taxation and Finance to steal personal and financial information The post Fake Inflation Refund Text Scam Hits NY first appeared on CyberMaterial. This article has been indexed…
Malicious Npm Packages Used In Phishing
Researchers have uncovered a new and unusual credential harvesting campaign, dubbed Beamglea, that abuses the npm registry and a content delivery network The post Malicious Npm Packages Used In Phishing first appeared on CyberMaterial. This article has been indexed from…
Is Hacking Back Ever a Good Strategy?
Hacking back aims to retaliate against cyberattackers by launching a counterattack to disrupt their systems, recover stolen data or send a message. As cyberthreats grow more frequent and sophisticated, it’s… The post Is Hacking Back Ever a Good Strategy? appeared…
Pro-Russian Hacktivist Targets OT/ICS Systems to Harvest Credentials
In September, a nascent pro-Russian hacktivist group known as TwoNet staged its first operational technology and industrial control systems (OT/ICS) intrusion against our water treatment utility honeypot. By exploiting default credentials and SQL-based schema extraction, the adversary ultimately created backdoor…
Axis Communications Vulnerability Exposes Azure Storage Credentials
Axis Communications, a leading provider of network video and surveillance solutions, has confirmed a critical vulnerability in its Autodesk® Revit® plugin that exposed Azure Storage Account credentials within signed DLLs. Discovered in July 2024 by Trend Micro’s Zero Day Initiative™…
China probes Qualcomm’s Autotalks deal amid rising US trade tensions
Beijing insists it’s business as usual – Washington might see it differently China’s competition regulator has launched an investigation into Qualcomm’s purchase of Israeli firm Autotalks, the latest salvo in the escalating tech trade war between Washington and Beijing.… This…
SimonMed Imaging Data Breach Impacts 1.2 Million
SimonMed Imaging was targeted by the Medusa ransomware group, which claimed to have stolen 200 Gb of data. The post SimonMed Imaging Data Breach Impacts 1.2 Million appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
EDR-Freeze: Technical Mechanics and Forensic Artifacts Exposed
EDR-Freeze is a proof-of-concept tool that forces endpoint detection and response (EDR) or antivirus processes into a temporary “coma.” Instead of installing a vulnerable driver, it leverages legitimate Windows Error Reporting components, specifically WerFaultSecure.exe and the MiniDumpWriteDump API to pause security…
Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility…
NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms
Threat actors used automation to create over 175 malicious NPM packages targeting more than 135 organizations. The post NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms appeared first on SecurityWeek. This article has been indexed from…
Invoicely Database Leak Exposes 180,000 Sensitive Records
Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide. This article…
Hackers Exploit Microsoft Edge’s Internet Explorer Mode to Compromise User Devices
Microsoft Edge has identified and mitigated a critical threat exploiting its Internet Explorer (IE) compatibility mode, closing off high-risk entry points and reinforcing security for both individual and enterprise users. Although the web has largely embraced modern standards, many enterprise…
Astaroth Trojan abuses GitHub to host configs and evade takedowns
The Astaroth banking Trojan uses GitHub to host malware configs, evade C2 takedowns and stay active by pulling new settings from the platform. McAfee discovered a new Astaroth campaign using GitHub repositories to host malware configurations. This allows attackers to…
AI and the Future of American Politics
Two years ago, Americans anxious about the forthcoming 2024 presidential election were considering the malevolent force of an election influencer: artificial intelligence. Over the past several years, we have seen plenty of warning signs from elections worldwide demonstrating how AI…