The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. “This incident reflects a broader pattern…
Tag: EN
European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms
This is the first forensic evidence that journalists’ devices have been infected with Paragon’s Graphite spyware This article has been indexed from www.infosecurity-magazine.com Read the original article: European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms
Developers Beware – Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack Tokens
A sophisticated and increasing wave of cyberattacks now targets software developers through a little-known yet legitimate GitHub feature: the OAuth 2.0 Device Code Flow. Security experts, notably from Praetorian, have warned that threat actors are leveraging this mechanism to trick…
Apple confirmed that Messages app flaw was actively exploited in the wild
Apple confirmed that a security flaw in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware. Apple confirmed that a now-patched vulnerability, tracked as CVE-2025-43200, in its Messages app was actively exploited in…
January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it’s time to publish the statistics for January 2025 where I collected and analyzed 216 events.In January 2025, Cyber Crime continued to lead the Motivations chart. This article has been indexed from HACKMAGEDDON Read the…
SimpleHelp Vulnerability Exploited Against Utility Billing Software Users
CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers. The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage
Discover the capabilities of Microsoft 365 Data Loss Prevention (DLP) and understand its limitations. Learn how to prevent unauthorized data access and sharing. The post Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage appeared…
Serverless Tokens in the Cloud: Exploitation and Detections
Understand the mechanics of serverless authentication: three simulated attacks across major CSPs offer effective approaches for application developers. The post Serverless Tokens in the Cloud: Exploitation and Detections appeared first on Unit 42. This article has been indexed from Unit…
Unpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMM
Cybersecurity professionals and business leaders are on high alert following a confirmed breach of a utility billing software provider, traced to unpatched vulnerabilities in the widely used SimpleHelp Remote Monitoring and Management (RMM) platform. The Cybersecurity and Infrastructure Security Agency…
HashiCorp Nomad ACL Lookup Flaw Allows Privilege Escalation
HashiCorp disclosed a critical security flaw (CVE-2025-4922) in its Nomad workload orchestration tool on June 11, 2025, exposing clusters to privilege escalation risks through improper ACL policy enforcement. The vulnerability, rated 8.1 CVSS, enables attackers to bypass namespace restrictions via…
Paragon Spyware used to Spy on European Journalists
Paragon is a Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of their product. Citizen Lab caught them spying on multiple European journalists with a zero-click iOS exploit: On…
Fog Ransomware Attack Employs Unusual Tools
Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41. The post Fog Ransomware Attack Employs Unusual Tools appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
SAML vs. OAuth 2.0: Mastering the Key Differences
Imagine this: It’s Monday morning. You grab your coffee, sit down at your desk, and open up your computer. First, you log into your email. Then, your project management tool… Before you’ve even tackled your first task, you’ve navigated a…
Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks
Fog ransomware incidents in recent years have exposed a dangerous new trend in cybercrime: hackers are using open-source penetration testing tools and genuine staff monitoring software to breach networks, steal confidential data, and initiate ransomware attacks. This unprecedented blend of…
Graphite Spyware Uses iOS Zero-Click Flaw to Target Journalists
Security researchers at Citizen Lab have uncovered the first forensic evidence linking Paragon’s Graphite mercenary spyware to zero-click attacks on journalists’ iPhones. The campaigns exploited a now-patched iMessage vulnerability (CVE-2025-43200) to compromise devices running iOS 18.2.1, highlighting the persistent threat…
Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing Firm
A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of the SimpleHelp RMM tool This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Gang Exploits SimpleHelp RMM…
Google “strongly encourages” its users to stop using passwords
Most users who have online accounts sign in using passwords. While there are some outliers, using security keys, passkeys and other advanced sign in options, the majority still relies heavily on passwords. […] Thank you for being a Ghacks reader.…
JSFireTruck Obfuscation Helps Cybercriminals Hijack Trusted Sites with Malicious JavaScript
A sophisticated and extensive cyber attack campaign has been uncovered, in which threat actors are compromising legitimate websites to inject highly obfuscated JavaScript code. Dubbed “JSFireTruck,” this obfuscation technique enables cybercriminals to quietly redirect unsuspecting visitors to malicious sites capable…
Fog Ransomware Actors Exploits Pentesting Tools to Exfiltrate Data and Deploy Ransomware
The Fog ransomware group has evolved beyond conventional attack methods, deploying an unprecedented arsenal of legitimate pentesting tools in a sophisticated May 2025 campaign targeting a financial institution in Asia. This latest operation marks a significant departure from typical ransomware…
Ransomware Actors Exploit Unpatched SimpleHelp RMM to Compromise Billing Software Provider
Cybersecurity researchers have uncovered a sophisticated ransomware campaign targeting utility billing software providers through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) systems. The attack represents a concerning evolution in ransomware tactics, where threat actors are leveraging trusted remote…