Organizations continue to be at high risk from cybercrime in Africa, despite law enforcement takedowns of cybercriminal syndicates in Nigeria and other African nations. Go to Source Author: Robert Lemos, Contributing Writer
Category Archives: Uncategorized
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-45195 (CVSS score: 7.5/9.8) – A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to […]
Researchers measured a threefold increase in credential stealing between 2023 and 2024, with more than 11.3 million such thefts last year. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
Targets are lured into a fake interview process that convinces them to download malware needed for a virtual interview. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
Ransomware actors are offering individuals millions to turn on their employers and divulge private company information, in a brand-new cybercrime tactic. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection. Go to Source Author: Elizabeth Montalbano, Contributing Writer
Organizations and development teams need to evolve from “being prepared” to “managing the risk” of security breaches. Go to Source Author: Kirsten Newcomer
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to Go to […]
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version […]
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. “Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update […]