Vulnerabilities
-
Phishing Scams Exploit iMessage and RCS as New Threat Emerges
Chinese phishing operatives are now exploiting iMessage and RCS to conduct sophisticated scams, capitalizing on the encryption and advanced features of these messaging platforms. Cybersecurity firm Prodaft reveals alarming success rates for these scams, with the platform Lucid impersonating organizations worldwide.
-
New Malicious npm Packages Target Open-Source Systems with Sophisticated Attacks
Cybersecurity researchers warn of two malicious npm packages, ethers-provider2 and ethers-providerz, designed to alter legitimate installations, providing attackers enhanced access to developer systems. The novel methods underscore the growing sophistication of software supply chain threats.
-
RedCurl Hacking Group Transitions to Ransomware Tactics, Raising Alarm Among Cybersecurity Experts
The Russian-speaking hacking group RedCurl has shifted from its focus on corporate espionage to deploying ransomware for the first time, revealing a new strain identified as QWCrypt and raising significant concerns in cybersecurity circles.
-
Oracle Denies Data Breach Amidst Claims of Leaked User Information
Oracle Corporation has denied allegations of a breach affecting its cloud services, despite confirmations from numerous companies regarding the authenticity of the data supposedly stolen from 6 million users. The hacker claims to have exploited vulnerabilities in Oracle’s servers, raising significant concerns over the company’s data security practices.
-
Windows Zero-Day Exploit Traced to EncryptHub, Delivering Diverse Malware
EncryptHub is exploiting a critical zero-day vulnerability in Microsoft Windows, deploying a range of malware, including data stealers, as detailed by Trend Micro. This exploit takes advantage of the Microsoft Management Console’s functionality, posing significant risks to users.
