The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an…
Tag: The Hacker News
New Linux Variant of Play Ransomware Targeting VMware ESXi Systems
Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that’s designed to target VMware ESXi environments. “This development suggests that the group could be broadening its attacks across the Linux…
Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware
Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in…
17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K.
Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made “in connection with a global cyber online crime group…
Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks
Two Russian nationals have pleaded guilty in a U.S. court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world. The defendants include Ruslan Magomedovich Astamirov, 21, of Chechen Republic, and Mikhail…
Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide
Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. “CrowdStrike is actively working with customers impacted by a defect found in a single content…
Safeguard Personal and Corporate Identities with Identity Intelligence
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you…
Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware
A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come…
Summary of “AI Leaders Spill Their Secrets” Webinar
Event Overview: The “AI Leaders Spill Their Secrets” webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. The panel included Michael Ward from Sardine, Damon Bryan from Hyperfinity, and…
SolarWinds Patches 11 Critical Flaws in Access Rights Manager Software
SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 11 vulnerabilities, seven are rated Critical in severity and carry…
APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.
Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a “sustained campaign” by the prolific China-based APT41 hacking group. “APT41…
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach
Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. “A cyber attack occurred in one of our [multi-signature] wallets involving a loss of…
Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver
Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The…
AppSec Webinar: How to Turn Developers into Security Champions
Let’s face it: AppSec and developers often feel like they’re on opposing teams. You’re battling endless vulnerabilities while they just want to ship code. Sound familiar? It’s a common challenge, but there is a solution. Ever wish they proactively cared…
Automated Threats Pose Increasing Risk to the Travel Industry
As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot…
TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future’s Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the…
SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks
Cybersecurity researchers have uncovered security shortcomings in the SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively…
Meta Halts AI Use in Brazil Following Data Protection Authority’s Ban
Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country’s data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said…
Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager
Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any user, including administrative users. The vulnerability,…