Mar 10, 2025Ravie LakshmananCybersecurity / Malware Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely … [Read more...] about Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
software vulnerability
FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
Mar 07, 2025Ravie Lakshmanan Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in … [Read more...] about FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
Mar 07, 2025Ravie LakshmananMalvertising / Open Source Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024, is tracking it under the … [Read more...] about Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
Learn How ASPM Transforms Application Security from Reactive to Proactive
Mar 07, 2025The Hacker NewsSoftware Security / AppSec Are you tired of dealing with outdated security tools that never seem to give you the full picture? You're not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That's why we're excited to introduce a smarter, unified approach: Application … [Read more...] about Learn How ASPM Transforms Application Security from Reactive to Proactive
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Mar 06, 2025Ravie LakshmananData Security / Software Security Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been … [Read more...] about Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Mar 05, 2025Ravie LakshmananNetwork Security / Data Breach The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft … [Read more...] about China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Mar 04, 2025Ravie LakshmananCybercrime / Threat Intelligence Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants … [Read more...] about Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Mar 03, 2025Ravie LakshmananCloud Security / Email Security Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), … [Read more...] about Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language
Mar 01, 2025Ravie LakshmananPrivacy / Data Protection Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now states - You give Mozilla the rights necessary to operate Firefox. This includes … [Read more...] about Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language
Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone
Feb 28, 2025Ravie LakshmananMobile Security / Zero-Day A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android … [Read more...] about Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone