The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. “This research focuses on completing the picture of UAC-0063’s operations, particularly documenting their expansion beyond their initial focus on Central Asia, […]
Category Archives: Uncategorized
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. “A malicious user with network access may be able to use specially crafted […]
Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. “Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration,” GreyNoise researcher Glenn Thorpe said in an alert Go to Source […]
The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
The now-fixed vulnerability involved a major travel services company that’s integrated with dozens of airline websites worldwide. Go to Source Author: Jai Vijayan, Contributing Writer
In their discovery, researchers found 31 PDF files linking to these phishing websites, none of which have been yet submitted to VirusTotal. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
Concerns include everything from ransomware, malware, and phishing attacks on the game’s infrastructure to those targeting event sponsors and fans. Go to Source Author: Jai Vijayan, Contributing Writer
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that’s delivered […]
Quantum computing will bring new security risks. Both professionals and legislators need to use this time to prepare. Go to Source Author: Keavy Murphy
Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. “By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – […]