Stay up-to-date with the latest cybersecurity news and developments in the cybersecurity landscape. Be the first to know about the latest threats, current innovations, and major trends in the cyber universe. Check our Cyber News section for the freshest information.
Security researchers at Trufflesecurity have uncovered a significant vulnerability in Google’s OAuth authentication system that poses a severe risk to former employees of defunct startups. The security flaw enables malicious actors to gain unauthorized access to sensitive corporate data through the “Sign in with Google” feature, potentially affecting millions of user accounts across popular SaaS … Read more
Microsoft’s Digital Crimes Unit (DCU) has uncovered a sophisticated cyber attack campaign targeting artificial intelligence services, where threat actors leveraged stolen credentials to gain unauthorized access to generative AI platforms. The operation revealed a complex scheme designed to monetize access to AI tools by providing malicious actors with capabilities to generate harmful content. Attack Vector … Read more
A significant cybersecurity incident has emerged as the hacking group Belsen Group released sensitive data from over 15,000 FortiGate devices on the dark web. The breach exposes critical security configurations, VPN credentials, and IP addresses, presenting substantial risks to affected organizations’ network infrastructure and data security. Breach Analysis and Impact Assessment The leaked archive, measuring … Read more
Security researchers at c/side have uncovered a sophisticated cyber attack campaign targeting WordPress websites, with over 5,000 sites already compromised. The attackers are employing advanced techniques to infiltrate vulnerable WordPress installations and exfiltrate sensitive data, presenting a significant threat to website owners and their users. Attack Vector and Compromise Indicators The attack chain begins with … Read more
Cybersecurity researchers at FACCT have uncovered a sophisticated phishing campaign targeting defense and industrial enterprises. The operation, attributed to the advanced persistent threat (APT) group Sticky Werewolf (also known as PhaseShifters), demonstrates an evolution in tactics by impersonating government officials to compromise critical infrastructure targets. Sophisticated Social Engineering Tactics Revealed On January 13, 2025, security … Read more
The U.S. Department of Justice has unveiled charges against three operators of cryptocurrency mixing services Blender.io and Sinbad.io in a landmark case highlighting the ongoing battle against digital money laundering. The investigation reveals sophisticated operations that allegedly processed over $500 million in criminal proceeds, primarily linked to ransomware attacks and North Korean state-sponsored cyber operations. … Read more
A significant security breach has been reported by Grinding Gear Games (GGG), affecting their flagship title Path of Exile 2. The incident, involving the compromise of an administrative account, has resulted in substantial theft of in-game assets from dozens of players, highlighting critical vulnerabilities in gaming platform security infrastructure. Attack Vector Analysis and Breach Methodology … Read more
Security researchers at Wiz have uncovered a significant vulnerability (CVE-2024-43405) in the widely-used Nuclei security scanning tool, rated at 7.4 on the CVSS scale. This high-severity flaw enables attackers to bypass template signature verification mechanisms and execute arbitrary code on target systems, posing a substantial risk to organizations utilizing this security testing framework. Understanding Nuclei … Read more
Security researcher Paulos Yibelo has uncovered a sophisticated new attack vector dubbed “DoubleClickjacking,” which effectively circumvents established clickjacking protection mechanisms. This innovative technique exploits the way browsers handle double-click events, presenting a significant security challenge for web applications and their users. Understanding the DoubleClickjacking Attack Mechanism Unlike traditional clickjacking attacks that rely on hidden iframe … Read more
Security researchers at Socket have uncovered a sophisticated supply chain attack targeting Ethereum developers through the npm package registry. The campaign involved 20 malicious packages masquerading as the popular Hardhat development framework, accumulating over 1,000 downloads before detection. This incident represents a significant threat to the blockchain development ecosystem and highlights the growing sophistication of … Read more
