Jan 01, 2025Ravie LakshmananWeb Security / Vulnerability Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on … [Read more...] about New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major Websites
cyber security news
New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy
Dec 31, 2024Ravie LakshmananData Security / Privacy The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a crucial step forward in … [Read more...] about New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
Dec 30, 2025Ravie LakshmananCybersecurity / Compliance The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and … [Read more...] about New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft
Dec 29, 2025Ravie LakshmananEndpoint Protection / Browser Security A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their … [Read more...] about 16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
Dec 28, 2024Ravie LakshmananVulnerability / Threat Intelligence A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and … [Read more...] about 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
Dec 27, 2024Ravie LakshmananCryptocurrency / Cyber Espionage North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as … [Read more...] about North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts
Dec 26, 2024Ravie LakshmananCybercrime / Ransomware A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers and … [Read more...] about Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts
Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks
Dec 25, 2024Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam … [Read more...] about Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks
Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts
Dec 24, 2024Ravie LakshmananMalware / Data Exfiltration Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, … [Read more...] about Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts
AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case
Dec 23, 2024Ravie LakshmananMachine Learning / Threat Analysis Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. "Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate … [Read more...] about AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case