Sophisticated Supply Chain Campaign Targets Cybersecurity Researchers Through Compromised Tools

A sophisticated year-long supply chain attack campaign, discovered by Checkmarx and Datadog Security Labs, has been targeting cybersecurity researchers and ethical hackers through compromised development tools and fake proof-of-concept exploits. The threat actor, identified as MUT-1244, has orchestrated a multi-vector attack that has successfully compromised thousands of security professionals’ systems. Malicious npm Package at the …

Sophisticated Year-Long Cyber Campaign Compromises Security Researchers via GitHub

A sophisticated cyber campaign targeting security researchers and hackers has been uncovered by Checkmarx and Datadog Security Labs, revealing a complex operation that has been active for over a year. The attack leverages GitHub’s popular platform to distribute malware through seemingly legitimate software packages. Sophisticated Malware Distribution Through npm Package At the heart of this …

HiatusRAT Malware Evolution: New Threats to Internet-Connected Cameras and DVR Systems

The Federal Bureau of Investigation (FBI) has issued a critical security advisory regarding an emerging threat from HiatusRAT malware, which has expanded its targeting scope to include vulnerable internet-exposed security cameras and Digital Video Recorders (DVRs). This significant development represents a concerning evolution in IoT-focused cyber attacks, potentially affecting both enterprise and consumer security systems. …

Massive Malvertising Campaign Uses Fake CAPTCHA to Distribute Lumma Stealer Malware

Security researchers at Guardio Labs have uncovered a sophisticated malvertising campaign dubbed “DeceptionAds” that employs deceptive CAPTCHA implementations to distribute the dangerous Lumma stealer malware. This large-scale operation demonstrates an innovative approach to social engineering and leverages legitimate advertising networks to maximize its reach. Campaign Infrastructure and Distribution Tactics The threat actors, believed to be …

Major Ransomware Attack Disrupts Operations at Medical Device Manufacturer Artivion

A significant cybersecurity incident has struck Artivion, a leading medical device manufacturer specializing in cardiac surgical equipment. The ransomware attack, which occurred on November 21, 2023, forced the company to implement emergency protocols and temporarily suspend critical IT systems to contain potential damage. Impact Assessment on Healthcare Supply Chain Artivion, headquartered in Georgia, USA, stands …

New Zero-Day Windows Vulnerability Allows Credential Theft Through Simple File Preview

Security researchers at 0patch have uncovered a critical zero-day vulnerability affecting all major versions of Windows that enables attackers to steal user credentials through NTLM authentication. What makes this vulnerability particularly concerning is its simplicity – merely previewing a malicious file in Windows Explorer can trigger the exploit, requiring no additional user interaction. Vulnerability Scope …

Major Security Breach at Byte Federal Exposes Customer Data Through GitLab Vulnerability

Byte Federal, the leading cryptocurrency ATM operator in the United States, has disclosed a significant security breach that compromised sensitive information of approximately 58,000 customers. The incident, discovered on November 18, 2024, originated from an exploitation of a vulnerability in their GitLab source code management system, highlighting the growing concerns about supply chain security in …

Security Researchers Uncover Sophisticated Android Surveillance Tool EagleMsgSpy Used by Chinese Authorities

Cybersecurity researchers at Lookout have uncovered a sophisticated Android surveillance tool dubbed EagleMsgSpy, revealing its extensive deployment by Chinese law enforcement agencies since 2017. This discovery highlights the growing sophistication of state-sponsored mobile surveillance capabilities and raises significant privacy concerns. Technical Analysis and Attribution The malware has been traced to Wuhan Chinasoft Token Information Technology …

Critical Security Flaw in WPForms Plugin Threatens WordPress Payment Processing

A severe security vulnerability has been discovered in WPForms, one of WordPress’s most popular form builder plugins, potentially affecting over 6 million websites. The vulnerability enables attackers with basic subscriber-level access to manipulate payment systems, specifically allowing unauthorized refunds and subscription cancellations through Stripe payment processing. Understanding the Technical Impact The vulnerability, tracked as CVE-2024-11205, …

Researchers Discover Novel QR Code Technique to Circumvent Browser Isolation Protection

Cybersecurity researchers at Mandiant have uncovered a groundbreaking attack technique that exploits QR codes to bypass browser isolation security measures, raising significant concerns about the effectiveness of current enterprise network protection systems. This innovative approach demonstrates how threat actors could potentially circumvent one of the most trusted security technologies in corporate environments. Understanding Browser Isolation …