Jun 10, 2024NewsroomPhishing Attack / Cybercrime Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024, Canadian cybersecurity firm … [Read more...] about More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
software vulnerability
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Jun 08, 2024NewsroomVulnerability / Programming Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating … [Read more...] about New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns
Jun 08, 2024NewsroomArtificial Intelligence / Privacy Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing screenshots of what appears on … [Read more...] about Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns
Learn How to Simplify Your Security Efforts
Jun 07, 2024The Hacker NewsCyber Hygiene / Webinar 2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of these attacks could have been … [Read more...] about Learn How to Simplify Your Security Efforts
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Jun 06, 2024NewsroomBotnet / DDoS Attack The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale. "Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize … [Read more...] about Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Chinese State-Backed Cyber Espionage Targets Southeast Asian Government
Jun 05, 2024NewsroomCyber Espionage / Threat Intelligence An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. "The overall goal behind the campaign was to maintain access to the target network for cyberespionage in support of Chinese … [Read more...] about Chinese State-Backed Cyber Espionage Targets Southeast Asian Government
Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan
Jun 04, 2024NewsroomCyber Attack / Malware Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called … [Read more...] about Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan
Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
Jun 03, 2024NewsroomSoftware Security / Supply Chain Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for gulp and gulp plugins." It … [Read more...] about Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
Jun 01, 2024NewsroomAI-as-a-Service / Data Breach Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. "We have suspicions that a subset of Spaces' secrets could have been accessed without authorization," it said in an advisory. Spaces offers a way for users to create, host, and … [Read more...] about AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
May 31, 2024NewsroomNetwork Security / Cyber Attack More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. The mysterious event, which took place between October 25 and 27, 2023, and impacted a single … [Read more...] about Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.