More results...
Netcraft security researchers have identified a significant resurgence of the Chinese-language Haozi Phishing-as-a-Service (PhaaS) operation, distinguished by its cartoon mouse mascot and frictionless cybercrime toolkit. The group’s cryptocurrenc…
Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.
A comprehensive research study has identified a widespread path traversal vulnerability (CWE-22) affecting 1,756 open-source GitHub projects, some of which are highly influential in the software ecosystem. The vulnerability, present in a commonly used …
Quorum Cyber identifies two new NodeSnake RAT variants, strongly attributed to Interlock ransomware, impacting UK higher education and local government.
Microsoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As organizations increasingly adopt multifactor authent…
Alleged TikTok Breach: Threat actor “Often9” claims to sell 428M user records, including emails, phones, and account details on dark web forum.
Victoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the…
A Chinese-language PhaaS platform Haozi is making cybercrime easy with no tech skills needed. Discover how this plug-and-play service facilitated over $280,000 in illicit transactions.
A chilling discovery by Socket’s Threat Research Team has exposed a meticulously crafted supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias “cappership.” The attack leverages a malicious p…
A new wave of phishing attacks, known as Fullscreen Browser-in-the-Middle (BitM) attacks, is exploiting browser features to steal user credentials with unprecedented stealth. Unlike traditional phishing, which relies on fake websites and visible clues,…