News
-
New Phishing Kit Targets Users by Impersonating 114 Brands Using DNS
Cybersecurity researchers have identified a new phishing-as-a-service platform dubbed Morphing Meerkat, which utilizes DNS records to execute targeted phishing attacks against 114 brands, employing sophisticated techniques to manage and disseminate stolen credentials.
-
RansomHub Affiliates Exploit EDR Tools in Ransomware Attacks
ESET’s recent analysis highlights the alarming tactics employed by RansomHub affiliates, who utilize a custom tool to disable security measures in a coordinated effort with other ransomware groups.
-
Cybersecurity Firm Exposes Ransomware Infrastructure, Protects Victims
Cybersecurity firm Resecurity has successfully infiltrated and dismantled the infrastructure of the BlackLock ransomware gang, providing critical alerts to victims ahead of planned data leaks.
-
OpenAI Expands Bug Bounty Program and Cybersecurity Initiatives
OpenAI has announced expansions to its bug bounty and cybersecurity grant programs, including a significant increase in the maximum bug bounty payout from $20,000 to $100,000 and new microgrants for innovative cybersecurity research proposals.
-
New Variants of SparrowDoor Malware Linked to Chinese Threat Actor FamousSparrow
The Chinese hacking group FamousSparrow has been linked to recent cyber attacks involving new variants of the SparrowDoor malware and the ShadowPad backdoor, targeting a U.S. trade group and a Mexican research institute.
-
RedCurl Cyberspies Adopt Ransomware Tactics Targeting Hyper-V Servers
RedCurl, a cyber-espionage group known for corporate intrusions, has shifted tactics by deploying ransomware designed to encrypt Hyper-V virtual machines. This significant evolution in their operational strategy raises concerns about their intentions and operational objectives.
-
New Atlantis AIO Platform Automates Credential Stuffing Attacks Against 140 Online Services
The newly discovered Atlantis AIO platform automates credential stuffing attacks against 140 online services, including major email and e-commerce platforms, posing significant risks if adequate security measures are not adopted.
-
Google Patches Critical Zero-Day Flaw in Chrome Amid Ongoing Cyber Threats
Google has issued a security patch for Chrome to address a severe zero-day vulnerability exploited in phishing attacks, urging users to update their browser as cyber threats continue to evolve.
-
Phishing Scams Exploit iMessage and RCS as New Threat Emerges
Chinese phishing operatives are now exploiting iMessage and RCS to conduct sophisticated scams, capitalizing on the encryption and advanced features of these messaging platforms. Cybersecurity firm Prodaft reveals alarming success rates for these scams, with the platform Lucid impersonating organizations worldwide.
-
New Malicious npm Packages Target Open-Source Systems with Sophisticated Attacks
Cybersecurity researchers warn of two malicious npm packages, ethers-provider2 and ethers-providerz, designed to alter legitimate installations, providing attackers enhanced access to developer systems. The novel methods underscore the growing sophistication of software supply chain threats.
