-
Threat Actors Leverage Email Bombing to Evade Security Tools and Conceal Malicious Activity
Threat actors are increasingly using email bombing to bypass security protocols and facilitate further malicious endeavors. Email bombing, known also…
Read More » -
Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials
A surge in phishing text messages claiming unpaid tolls has been linked to a massive phishing-as-a-service (PhaaS) operation. These scams,…
Read More » -
PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack
A sophisticated phishing campaign, dubbed “PoisonSeed,” has been identified targeting customer relationship management (CRM) and bulk email providers to facilitate…
Read More » -
SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Chainalysis estimates…
Read More » -
Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands
Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed “Morphing Meerkat,” that leverages DNS mail exchange (MX) records to…
Read More » -
Blacklock Ransomware Infrastructure Breached, Revealing Planned Attacks
Resecurity, a prominent cybersecurity firm, has successfully exploited a vulnerability in the Data Leak Site (DLS) of Blacklock Ransomware, gaining…
Read More » -
Threat Actors Use “Atlantis AIO” Tool to Automate Credential Stuffing Attacks
In a concerning development for cybersecurity professionals, threat actors are increasingly utilizing a powerful tool called Atlantis AIO to automate…
Read More » -
Cloudflare Attributes Service Outage to Faulty Password Rotation
Cloudflare experienced a significant service outage that affected several of its key offerings, including R2 object storage, Cache Reserve, Images,…
Read More » -
Cybercriminals Bypass Security Using Legitimate Tools & Browser Extensions to Deliver Malware
In the second half of 2024, cybercriminals have increasingly leveraged legitimate Microsoft tools and browser extensions to bypass security measures…
Read More » -
Threat Actors Leverage Reddit to Spread AMOS and Lumma Stealers
In a recent surge of cyber threats, threat actors have been exploiting Reddit to distribute two potent malware variants: AMOS…
Read More » -
Hackers Use Fake Meta Emails to Steal Ad Account Credentials
A recent phishing campaign uncovered by the Cofense Phishing Defense Center (PDC) has been exploiting fake Meta emails to deceive…
Read More » -
New Steganographic Malware Hides in JPEG Files to Spread Infostealers
A recent cybersecurity threat has been identified, where steganographic malware is being distributed through seemingly innocuous JPEG image files. This…
Read More » -
mySCADA myPRO Manager RCE Vulnerabilities Allow Remote Attackers to Take Control of ICS Devices
In a significant discovery, PRODAFT’s security research team has identified two critical vulnerabilities in the mySCADA myPRO Manager, a widely…
Read More » -
Fake Coinbase Migration Messages Target Users to Steal Wallet Credentials
A sophisticated phishing campaign is currently targeting cryptocurrency investors with fraudulent emails claiming to be from Coinbase. The scam attempts…
Read More » -
AWS SNS Exploited for Data Exfiltration and Phishing Attacks
Amazon Web Services’ Simple Notification Service (AWS SNS) is a versatile cloud-based pub/sub service that facilitates communication between applications and…
Read More » -
Blind Eagle Targets Organizations with Weaponized .URL Files to Steal User Hashes
In a significant development in the cybersecurity landscape, APT-C-36, more commonly known as Blind Eagle, has intensified its operations targeting…
Read More » -
Jaguar Land Rover Allegedly Hit by Cyberattack, Hacker Claims
A threat actor known as “Rey” has come forward on a prominent dark web forum, claiming responsibility for a significant…
Read More »