Tag: attack
-
Renewed APT29 Phishing Campaign Against European Diplomats
by
in SecurityNews
Highlights. Introduction: Starting in January 2025, Check Point Research (CPR) has been tracking a wave of targeted phishing attacks aimed at European governments and diplomats. The Techniques, Tactics and Procedures (TTPs) observed in this campaign align with the WINELOADER campaigns, which were attributed to APT29, a Russia-linked threat group. APT29, also commonly referred to as Midnight Blizzard…
-
Where it Hertz: Customer data driven off in Cleo attacks
by
in SecurityNews
Car hire biz takes your privacy seriously, though. First seen on theregister.com. Jump to article: www.theregister.com/2025/04/15/hertz_cleo_customer_data/
-
Unmasking Xworm Payload Execution Path through Jailbreaking a Malicious JScript Loader
by
in SecurityNews
Security researchers are analyzing a sophisticated malware delivery mechanism that uses a JScript loader to deploy different payloads based on the victim’s geographic location. This loader initiates a complex chain involving obfuscated PowerShell scripts, ultimately executing potent malware like the XWorm Remote Access Trojan (RAT) or the Rhadamanthys information stealer. The attack often begins via…
-
Cybercriminals Exploit EC2 Instance Metadata Vulnerability to Launch Attacks on Hosted Websites
by
in SecurityNews
Cybercriminals have launched a sophisticated campaign targeting websites hosted on Amazon Web Services (AWS) EC2 instances. This campaign, observed in March 2025, exploits a vulnerability in EC2 Instance Metadata through Server-Side Request Forgery (SSRF), allowing attackers to access sensitive information and potentially escalate their attacks. The Exploitation Technique: The attackers are leveraging a combination of…
-
DOGE ‘Big Balls’ Ransomware Utilizes ZIP-Based LNK Shortcuts and BYOVD Techniques for Stealthy Attacks
by
in SecurityNews
A new and highly sophisticated ransomware campaign, dubbed “DOGE BIG BALLS Ransomware,” has recently come to light, demonstrating a blend of technical innovation and psychological manipulation. This operation stands out for its multi-stage infection chain, which begins with a seemingly innocuous ZIP file and culminates in the deployment of a customized ransomware payload, all while…
-
Precision-Validated Phishing: A New Trend in Credential Theft
by
in SecurityNews
Phishing attacks are becoming increasingly sophisticated, but one emerging tactic is setting a new bar for precision and deception. Known as Precision-Validated Phishing, this method uses real-time credential validation to enhance the success rate of phishing campaigns. A recent report… First seen on sensorstechforum.com. Jump to article: sensorstechforum.com/precision-validated-phishing-credential-theft/
-
Paragon Hard Disk Manager Flaw Enables Privilege Escalation and DoS Attacks
by
in SecurityNews
Tags: access, attack, cyber, cybersecurity, dos, exploit, flaw, microsoft, ransomware, service, software, vulnerability
Paragon Software’s widely used Hard Disk Manager (HDM) product line has been found to contain five severe vulnerabilities in its kernel-level driver, BioNTdrv.sys, enabling attackers to escalate privileges to SYSTEM-level access or trigger denial-of-service (DoS) attacks. The flaws, now patched, were actively exploited in ransomware campaigns leveraging Microsoft-signed drivers, according to cybersecurity researchers. Overview of the Vulnerabilities: The…
-
Hertz disclosed a data breach following 2024 Cleo zero-day attack
by
in SecurityNews
Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024.…
-
Top Four Considerations for Zero Trust in Critical Infrastructure
by
in SecurityNews
Tags: access, ai, attack, authentication, automation, best-practice, breach, business, cctv, ceo, cloud, communications, compliance, corporate, cyber, cybersecurity, data, defense, email, encryption, exploit, finance, group, hacker, healthcare, identity, infrastructure, iot, law, malicious, mfa, nis-2, privacy, regulation, risk, saas, service, software, strategy, threat, tool, vulnerability, zero-trust
Top Four Considerations for Zero Trust in Critical Infrastructure. madhav, Tue, 04/15/2025 – 06:43. TL;DR: Increased efficiency = increased risk. Critical infrastructure organizations are using nearly 100 SaaS apps on average and 60% of their most sensitive data is stored in the cloud. Threat actors aren’t naive to this, leading to a whopping 93% of…
-
Gladinet flaw CVE-2025-30406 actively exploited in the wild
by
in SecurityNews
Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406, in Gladinet CentreStack and Triofox software. The vulnerability CVE-2025-30406 (CVSS score 9.0) is a deserialization issue due to the CentreStack portal’s use of a hardcoded machineKey.…
-
Agentic AI is both boon and bane for security pros
by
in SecurityNews
Recent agentic security signposts: Recently, we have seen numerous examples of how quickly building your own autonomous AI agents has taken root. Microsoft last month demonstrated six new AI agents that work with its Copilot software and talk directly to its various security tools to identify vulnerabilities and flag identity and asset compromises. Simbian is hosting…
-
Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs
by
in SecurityNews
A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest. The attack, which began surfacing in March 2025 and primarily targets the finance and professional services sectors, signals a dramatic evolution in tactics used by threat actors linked to the…
-
Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
by
in SecurityNews
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks. First seen…
-
USPS Warns Public About Rising Mail, Email Scams: How to Spot and Avoid Them
by
in SecurityNews
Discover how evolving USPS mail scams highlight growing cybersecurity risks. Learn how phishing, smishing, and brushing attacks threaten your personal data. First seen on esecurityplanet.com. Jump to article: www.esecurityplanet.com/cybersecurity/usps-warns-mail-email-scams/
-
Ransomware Attack Disrupts Global Dialysis Provider DaVita
by
in SecurityNews
Company Files Report With SEC About Incident Discovered Over the Weekend. Denver-based DaVita Inc., which runs more than 3,100 dialysis and other kidney care facilities in the U.S. and in 13 other countries, reported to the U.S. Securities and Exchange Commission that a ransomware attack over the weekend is disrupting some of its operations. First…
-
Nearly $23M lost in ransomware attack against IKEA operator
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/nearly-23m-lost-in-ransomware-attack-against-ikea-operator
-
Attack against Laboratory Services Cooperative impacts 1.6M
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/attack-against-laboratory-services-cooperative-impacts-1-6m
-
Attacks with novel PowerModul implant target Russia
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/attacks-with-novel-powermodul-implant-target-russia
-
US critical infrastructure attacks reportedly acknowledged by China
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/us-critical-infrastructure-attacks-reportedly-acknowledged-by-china
-
New ResolverRAT malware targets pharma and healthcare orgs worldwide
by
in SecurityNews
A new remote access trojan (RAT) called ‘ResolverRAT’ is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/
-
Over 14K Fortinet devices compromised via new attack method
Fortinet last week warned that a threat actor was using a novel post-exploitation trick to maintain access to devices after they were patched. First seen on cybersecuritydive.com. Jump to article: www.cybersecuritydive.com/news/14k-fortinet-devices-compromised-new-attack-method/745259/
-
ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
by
in SecurityNews
Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. “The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link,” Morphisec Labs researcher Nadav Lorber said in a report shared with The… First seen…
-
A New ‘It RAT’: Stealthy ‘Resolver’ Malware Burrows In
by
in SecurityNews
A new infostealer on the market is making big waves globally, replacing Lumma et al. in attacks and employing so many stealth, persistence, and anti-analysis tricks that it’s downright difficult to count them all. First seen on darkreading.com. Jump to article: www.darkreading.com/cloud-security/it-rat-stealthy-resolver-malware
-
Kidney dialysis firm DaVita hit by weekend ransomware attack
by
in SecurityNews
Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/kidney-dialysis-firm-davita-hit-by-weekend-ransomware-attack/
-
BPFDoor Malware Uses Reverse Shell to Expand Control Over Compromised Networks
by
in SecurityNews
A new wave of cyber espionage attacks has brought BPFDoor malware into the spotlight as a stealthy and dangerous tool for compromising networks. According to security experts at Trend Micro, BPFDoor is a state-sponsored backdoor attributed to the advanced persistent threat (APT) group known as Earth Bluecrow (also referred to as Red Menshen). This malware…
-
Ransomware disrupts some operations of kidney dialysis company DaVita
by
in SecurityNews
A ransomware attack over the weekend is still affecting some operations at kidney dialysis provider DaVita, the company said in a filing with U.S. regulators. First seen on therecord.media. Jump to article: therecord.media/davita-kidney-dialysis-company-ransomware-attack
-
Morocco Investigates Major Data Breach Allegedly Claimed by Algerian Hackers
by
in SecurityNews
The National Social Security Fund (CNSS) of Morocco has confirmed that initial checks on leaked documents circulating on social media have revealed that much of the information is false, inaccurate, or incomplete. Officials state these documents originated from a cyber attack targeting the organization’s computer systems. The CNSS has activated security protocols, launched an internal…
-
Package hallucination: LLMs may deliver malicious code to careless devs
by
in SecurityNews
LLMs’ tendency to “hallucinate
-
Chinese APT Group Targets Ivanti VPN Vulnerabilities to Breach Networks
by
in SecurityNews
Tags: apt, attack, breach, china, cyber, cybersecurity, data-breach, group, ivanti, network, threat, vpn, vulnerability
In a concerning report from cybersecurity firm TeamT5, it has been revealed that a Chinese Advanced Persistent Threat (APT) group leveraged critical vulnerabilities in Ivanti Connect Secure VPN appliances to launch a global cyberattack. The breach affected nearly 20 industries across 12 countries, leaving networks exposed and under persistent threat. Global Victimology: The widespread attack…