Cybersecurity News

A significant cybersecurity incident has emerged as the hacking group Belsen Group released sensitive data from over 15,000 FortiGate devices on the dark web. The breach exposes critical security configurations, VPN credentials, and IP addresses, presenting substantial risks to affected organizations’ network infrastructure and data security. Breach Analysis and Impact Assessment The leaked archive, measuring … Read more

Security researchers at c/side have uncovered a sophisticated cyber attack campaign targeting WordPress websites, with over 5,000 sites already compromised. The attackers are employing advanced techniques to infiltrate vulnerable WordPress installations and exfiltrate sensitive data, presenting a significant threat to website owners and their users. Attack Vector and Compromise Indicators The attack chain begins with … Read more

Cybersecurity researchers at FACCT have uncovered a sophisticated phishing campaign targeting defense and industrial enterprises. The operation, attributed to the advanced persistent threat (APT) group Sticky Werewolf (also known as PhaseShifters), demonstrates an evolution in tactics by impersonating government officials to compromise critical infrastructure targets. Sophisticated Social Engineering Tactics Revealed On January 13, 2025, security … Read more

The U.S. Department of Justice has unveiled charges against three operators of cryptocurrency mixing services Blender.io and Sinbad.io in a landmark case highlighting the ongoing battle against digital money laundering. The investigation reveals sophisticated operations that allegedly processed over $500 million in criminal proceeds, primarily linked to ransomware attacks and North Korean state-sponsored cyber operations. … Read more

A significant security breach has been reported by Grinding Gear Games (GGG), affecting their flagship title Path of Exile 2. The incident, involving the compromise of an administrative account, has resulted in substantial theft of in-game assets from dozens of players, highlighting critical vulnerabilities in gaming platform security infrastructure. Attack Vector Analysis and Breach Methodology … Read more

Security researchers at Wiz have uncovered a significant vulnerability (CVE-2024-43405) in the widely-used Nuclei security scanning tool, rated at 7.4 on the CVSS scale. This high-severity flaw enables attackers to bypass template signature verification mechanisms and execute arbitrary code on target systems, posing a substantial risk to organizations utilizing this security testing framework. Understanding Nuclei … Read more

Security researcher Paulos Yibelo has uncovered a sophisticated new attack vector dubbed “DoubleClickjacking,” which effectively circumvents established clickjacking protection mechanisms. This innovative technique exploits the way browsers handle double-click events, presenting a significant security challenge for web applications and their users. Understanding the DoubleClickjacking Attack Mechanism Unlike traditional clickjacking attacks that rely on hidden iframe … Read more

Security researchers at Socket have uncovered a sophisticated supply chain attack targeting Ethereum developers through the npm package registry. The campaign involved 20 malicious packages masquerading as the popular Hardhat development framework, accumulating over 1,000 downloads before detection. This incident represents a significant threat to the blockchain development ecosystem and highlights the growing sophistication of … Read more

A comprehensive analysis by 404 Media reveals a significant transformation in Telegram’s approach to user privacy, with unprecedented levels of data disclosure to law enforcement agencies throughout 2024. This shift marks a crucial turning point in the messaging platform’s historical stance on user data protection and privacy. Statistical Analysis of Data Disclosure Patterns The investigation … Read more

Cybersecurity researchers have uncovered a concerning practice implemented by Microsoft Bing that poses potential security risks to users. The search engine has been found to generate a Google-like interface when users search for specific Google-related terms, raising significant concerns about digital safety and the legitimization of deceptive practices in web services. Understanding the Technical Implementation … Read more