Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. […] Go to Source Author: Bill Toulas
Category Archives: Security
Police arrested 270 suspects following an international law enforcement action codenamed ‘Operation RapTor’ that targeted dark web vendors and customers from ten countries. […] Go to Source Author: Sergiu Gatlan
Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. […] Go to Source Author: Bill Toulas
Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States. […] Go to Source Author: Sergiu Gatlan
The Federal Trade Commission (FTC) has finalized an order requiring web hosting giant GoDaddy to secure its services to settle charges of data security failures that led to several data breaches since 2018. […] Go to Source Author: Sergiu Gatlan
Signal has updated its Windows app to protect users’ privacy by blocking Microsoft’s AI-powered Recall feature from taking screenshots of their conversations. […] Go to Source Author: Sergiu Gatlan
Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. […] Go to Source Author: Bill Toulas
A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. […] Go to Source Author: Bill Toulas
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. […] Go to Source Author: Ionut Ilascu
A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. […] Go to Source Author: Bill Toulas