Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT,… Read More »Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into… Read More »Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks
A “multi-faceted campaign” has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma… Read More »Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware
Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. “These… Read More »Latrodectus Malware Loader Emerges as IcedID’s Successor in Phishing Campaigns
The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies.… Read More »Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam
The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by… Read More »Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide
The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand… Read More »Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific… Read More »China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT
A new report from XM Cyber has found – among other insights – a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new… Read More »New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list… Read More »CISA Warns of Actively Exploited D-Link Router Vulnerabilities – Patch Now