Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft,… Read More »Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks
In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands… Read More »Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In
A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands… Read More »E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials
A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under… Read More »New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said… Read More »New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. “It uses… Read More »Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites
Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153,… Read More »Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
WordPress users of miniOrange’s Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw,… Read More »WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia,… Read More »APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme
Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with… Read More »Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer