Posts

The AI Fix #34: Fake Brad Pitt and why AI means we will lose our jobs
Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
Medusa ransomware: what you need to know
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Product Walkthrough: How Satori Secures Sensitive Data From Production to AI
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]
Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP
TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025
U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
No, Brad Pitt isn’t in love with you
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Chinese Innovations Spawn Wave of Toll Phishing Via SMS
Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
Smashing Security podcast #400: Hacker games, AI travel surveillance, and 25 years of IoT
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
The AI Fix #33: AI’s deliberate deceptions, and Elon’s “unhinged” mode
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
The High-Stakes Disconnect For ICS/OT Security
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update
Microsoft: Happy 2025. Here’s 161 Security Updates
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
Pastor’s “dream” crypto scheme alleged to be a multi-million dollar scam
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
Ransomware on ESXi: The mechanization of virtualized attacks
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering
Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
Smashing Security podcast #399: Honey in hot water, and reset your devices
Space Bears ransomware: what you need to know
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption
Product Review: How Reco Discovers Shadow AI in SaaS
MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan
Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions
United Nations aviation agency hacked, recruitment database plundered
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection
E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques
Top 5 Malware Threats to Prepare Against in 2025
FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
A Day in the Life of a Prolific Voice Phishing Crew
The AI Fix #32: Agentic AI, killer robot fridges, and the robosexual revolution
Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year
CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing
New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities
Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers
India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements
FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]
Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns
New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60%
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption
Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations
Fireside chat with Graham Cluley about risks of AI adoption in 2025
The AI Fix #31: Replay: AI doesn’t exist
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them
Three Russian-German Nationals Charged with Espionage for Russian Secret Service
Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites
Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics
New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy
Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
Happy 15th Anniversary, KrebsOnSecurity!
16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia
FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks
Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts
Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
Ruijie Networks' Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks
Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware
The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)
Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts
CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation
North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips
AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
Top 10 Cybersecurity Trends to Expect in 2025
U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case
Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App
Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products
ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
Not Your Old ActiveState: Introducing our End-to-End OS Platform
How to Lose a Fortune with Just One Bad Click
It’s time to stop calling it “pig butchering”
INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts
The AI Fix #29: AI on OnlyFans, and the bot that wants to be a billionaire
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks
Even Great Companies Get Breached — Find Out Why and How to Stop It
5 Practical Techniques for Effective Cyber Threat Hunting
Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware
Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign
The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips
NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool
Rydox cybercrime marketplace seixed by law enforcement, suspected admins arrested
Data Governance in DevOps: Ensuring Compliance in the AI Era
New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes
Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized
New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection
How to Generate a CrowdStrike RFM Report With AI in Tines
Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms
DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques
Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action
27 DDoS-for-hire services disrupted in run-up to holiday season
Smashing Security podcast #397: Snowflake hackers, and under the influence
How Cryptocurrency Turns to Cash in Russian Banks
Patch Tuesday, December 2024 Edition
“CP3O” pleads guilty to multi-million dollar cryptomining scheme
The AI Fix #28: Robot dogs with bombs, and who is David Mayer?
3AM ransomware: what you need to know
Russian money-laundering network linked to drugs and ransomware disrupted, 84 arrests
Smashing Security podcast #396: Dishy DDoS dramas, and mining our minds for data
AI chatbot startup WotNot leaks 346,000 files, including passports and medical records
U.S. Offered $10M for Hacker Just Arrested by Russia
Ransomware-hit vodka maker Stoli files for bankruptcy in the United States
Tech support scams leverage Google ads again and again, fleecing unsuspecting internet users
The AI Fix #27: Why is AI full of real-life Bond villains?
Why Phishers Love New TLDs Like .shop, .top and .xyz
No guarantees of payday for ransomware gang that claims to have hacked children’s hospital
North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets
UK hospital, hit by cyberattack, resorts to paper and postpones procedures
Mimic ransomware: what you need to know
Smashing Security podcast #395: Gym hacking, disappearing DNA, and a social lockout
Hacker in Snowflake Extortions May Be a U.S. Soldier
Data leaks from websites built on Microsoft Power Pages, including 1.1 million NHS records
The AI Fix #26: Would AI kill sentient robots, and is water wet?
FlipaClip animation app data breach exposes details of almost 900,000 users
Feds Charge Five Men in ‘Scattered Spider’ Roundup
750,000 patients’ medical records exposed after data breach at French hospital
Smashing Security podcast #394: Digital arrest scams and stream-jacking
Fintech Giant Finastra Investigating Data Breach
The AI Fix #25: Beware of the superintelligence, and a spam-eating AI super gran
Malware delivered via malicious QR codes sent in the post
An Interview With the Target & Home Depot Hacker
ShrinkLocker ransomware: what you need to know
IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discord
Smashing Security podcast #393: Who needs a laptop to hack when you have a Firestick?
Microsoft Patch Tuesday, November 2024 Edition
The AI Fix #24: Where are the alien AIs, and are we being softened up for superintelligence?
Winter Fuel Payment scam targets UK citizens via SMS
200,000 SelectBlinds customers have their card details skimmed in malware attack
FBI: Spike in Hacked Police Emails, Fake Subpoenas
Smashing Security podcast #392: Pasta spies and private eyes, and are you applying for a ghost job?
Canadian Man Arrested in Snowflake Data Extortions
The AI Fix #23: Murder most weird, and why 9.11 is bigger than 9.9
Booking.com Phishers May Leave You With Reservations
Fired Disney worker accused of hacking into restaurant menus, replacing them with Windings and false peanut allergy information
Fraudsters exploit US General Election fever, FBI warns
Smashing Security podcast #391: The secret Strava service, deepfakes, and crocodiles
Change Healthcare Breach Hits 100M Americans
The AI Fix #22: Probing AI tongues and ASCII smuggling attacks
French ISP Free confirms data breach after hacker puts customer data up for auction
US offers $10 million bounty for members of Iranian hacking gang
NotLockBit: ransomware discovery serves as wake-up call for Mac users
Pro-Russia hackers attack European air traffic control website, but don’t panic! Flights continue as normal
US Facebook users can now claim their share of $725 million Cambridge Analytica settlement
3CX Breach Was a Double Supply Chain Compromise
US charges three men with six million dollar business email compromise plot
Ex-CEO of hacked therapy clinic sentenced for failing to protect patients’ session notes
Giving a Face to the Malware Proxy Service ‘Faceless’
Army helicopter crash blamed on skipped software patch
Why is ‘Juice Jacking’ Suddenly Back in the News?
As Tax Day approaches, Microsoft warns accounting firms of targeted attacks
Pentagon leak suspect Jack Teixeira arrested at gunpoint
Smashing Security podcast #317: Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
Plenty of juice-jacking scare stories, but precious little juice-jacking
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
Ukrainian hackers spend $25,000 of pro-Russian blogger’s money on sex toys
Smashing Security podcast #316: Of Musk and Afroman
FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers
That ticking noise is your end users’ laptops
A Serial Tech Investment Scammer Takes Up Coding?
Managed Services: A Better Understanding
German Police Raid DDoS-Friendly Host ‘FlyHosting’
5 Great Reasons You Must Outsource IT and Cybersecurity
Technology Solutions Providers: Providing the Peace of Mind You Deserve
Warning! Top Cybersecurity Concerns You Need to Consider
Preparing for the Unexpected: A Quick Guide to BCDR

Sitemap

Posts

Pages

Categories

Latest Posts