Cybersecurity News
-
PortSwigger Launches Burp AI to Enhance Penetration Testing with AI
PortSwigger, the makers of Burp Suite, has taken a giant leap forward in the field of cybersecurity with the launch of Burp AI, a groundbreaking set of artificial intelligence (AI) features…
Read More » -
Linux Lite 7.4 Final Released: Enhanced GUI and Bug Fixes
Linux Lite, a popular lightweight Linux distribution aimed at making Linux accessible to beginners, has officially released its Linux Lite 7.4 Final version. This release comes with several incremental updates that improve…
Read More » -
Operation HollowQuill – Weaponized PDFs Deliver a Cobalt Strike Malware Into Gov & Military Networks
In a recent revelation by SEQRITE Labs, a highly sophisticated cyber-espionage campaign, dubbed Operation HollowQuill, has been uncovered. The operation targets academic, governmental, and defense-related networks in Russia using weaponized…
Read More » -
Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data
In a complex cyber operation discovered by Silent Push Threat Analysts, Russian hackers have launched a multi-pronged phishing campaign impersonating various organizations, including the CIA, to gather intelligence on individuals…
Read More » -
PJobRAT Android Malware Masquerades as Dating and Messaging Apps to Target Military Personnel
PJobRAT, an Android Remote Access Trojan (RAT) first identified in 2019, has resurfaced in a new campaign targeting users in Taiwan. Initially, PJobRAT was known for targeting Indian military personnel…
Read More » -
“Crocodilus” A New Malware Targeting Android Devices for Full Takeover
Researchers have uncovered a dangerous new mobile banking Trojan dubbed Crocodilus actively targeting financial institutions and cryptocurrency platforms. The malware employs advanced techniques like remote device control, stealthy overlays, and…
Read More » -
New Python-Based Discord RAT Targets Users to Steal Login Credentials
A recently identified Remote Access Trojan (RAT) has raised alarms within the cybersecurity community due to its innovative use of Discord’s API as a Command and Control (C2) server. This…
Read More » -
SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Chainalysis estimates that corporations spend nearly $1 billion dollars on ransom each…
Read More » -
Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands
Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed “Morphing Meerkat,” that leverages DNS mail exchange (MX) records to dynamically serve tailored phishing pages mimicking over 100 brands. The…
Read More » -
Red Team Tactics Grow More Sophisticated with Advancements in Artificial Intelligence
A recent scoping review has revealed that red team tactics are becoming increasingly sophisticated as artificial intelligence (AI) technologies advance. The study, which analyzed 11 articles published between 2015 and…
Read More » -
Classiscam Operators Use Automated Malicious Sites to Steal Financial Data
Classiscam, an automated scam-as-a-service operation, has been identified as a significant threat in Central Asia, leveraging sophisticated techniques to defraud users of online marketplaces and e-commerce platforms. This fraudulent scheme,…
Read More » -
Blacklock Ransomware Infrastructure Breached, Revealing Planned Attacks
Resecurity, a prominent cybersecurity firm, has successfully exploited a vulnerability in the Data Leak Site (DLS) of Blacklock Ransomware, gaining unprecedented access to the group’s infrastructure. This breach, occurring during…
Read More » -
Massive Data Breach Hits NSW Online Registry: 9,000+ Files Stolen
A major cybersecurity incident has struck the New South Wales court system, as cybercrime detectives investigate a significant data breach affecting the Department of Communities and Justice (DCJ). The breach…
Read More » -
Hackers Exploit COM Objects for Fileless Malware and Lateral Movement
Security researchers Dylan Tran and Jimmy Bayne have unveiled a new fileless lateral movement technique that exploits trapped Component Object Model (COM) objects in Windows systems. This method, based on…
Read More » -
Threat Actors Use “Atlantis AIO” Tool to Automate Credential Stuffing Attacks
In a concerning development for cybersecurity professionals, threat actors are increasingly utilizing a powerful tool called Atlantis AIO to automate and scale credential stuffing attacks across more than 140 platforms.…
Read More » -
Cloudflare Attributes Service Outage to Faulty Password Rotation
Cloudflare experienced a significant service outage that affected several of its key offerings, including R2 object storage, Cache Reserve, Images, Log Delivery, Stream, and Vectorize. The incident, which lasted 1…
Read More » -
Malicious AI Tools See 200% Surge as ChatGPT Jailbreaking Talks Increase by 52%
The cybersecurity landscape in 2024 witnessed a significant escalation in AI-related threats, with malicious actors increasingly targeting and exploiting large language models (LLMs). According to KELA’s annual “State of Cybercrime”…
Read More » -
Cybercriminals Bypass Security Using Legitimate Tools & Browser Extensions to Deliver Malware
In the second half of 2024, cybercriminals have increasingly leveraged legitimate Microsoft tools and browser extensions to bypass security measures and deliver malware, according to Ontinue’s latest Threat Intelligence Report.…
Read More »