A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's...
The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [...]
Some browser extension permissions are too broad, and owners can quickly repurpose pre-approved capabilities for malicious intent, a security researcher told CyberScoop. The post Browser extension...
Some browser extension permissions are too broad, and owners can quickly repurpose pre-approved capabilities for malicious intent, a security researcher told CyberScoop. The post Browser extension...
Scandal surrounding the Trump administration's Signal group chat has led to a landmark week for the encrypted messaging app’s adoption—its “largest US growth moment by a massive margin.”
In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime.
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign...
“Fullz” is a slang term used by cybercriminals trading in stolen data. It refers to data packages that contain full sets of data needed to steal someone’s identity.
OpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security and reliability.
New research by Forescout Research’s Vedere Labs exposed vulnerabilities in solar power systems after analyzing six major solar... The post Forescout SUN:DOWN research uncovers critical...
Whether it’s CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB...
Posted by Chrome Root Program, Chrome Security Team The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome....
Newly identified CoffeeLoader uses multiple evasion techniques and persistence mechanisms to deploy payloads and bypass endpoint security
Discover the novel QWCrypt ransomware used by RedCurl in targeted hypervisor attacks. This article details their tactics, including…
Ukraine’s state railway operator, Ukrzaliznytsia, has resumed online ticket sales after a cyberattack brought down its systems earlier in the week.
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations...
Does your phone number or home address show up on Google Search? Here's what you can do about it.
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. [...]
PJobRAT malware targets Taiwan Android users, stealing data through fake messaging platforms
The encrypted messaging app Signal is getting some unexpected attention this week. High-ranking officials in the Trump administration, including Vice President J.D. Vance and Secretary of Defense...
Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office...
Russian authorities said they arrested three people and seized hardware in an operation against Mamont malware, which specializes in stealing money from Android device users.
Your Venmo activity is public by default. Here's why that's a problem and how to fix it.
The European Union Agency for Cybersecurity (ENISA) has released an analysis of the cybersecurity threats to the space... The post ENISA space threat landscape report highlights cybersecurity gaps...
ASEC Blog publishes “Mobile Security & Malware Issue 4st Week of March, 2025”
null MD5 01c466ac5ea1817f23d7bbe5e46fef87 10e7ffbdcf6a3a9cd34ce965efc5e2a7 60de322d3291b416f173d3f543a564fe 63cf524262372fc0e9db338d1d9264ad
AhnLab SEcurity intelligence Center (ASEC) recently identified a phishing malware being distributed in Scalable Vector Graphics (SVG) format. SVG is an XML-based vector image file format commonly...
The International Civil Aviation Organization (ICAO), International Telecommunication Union (ITU) and International Maritime Organization (IMO) recently expressed ‘grave... The post ICAO, ITU, IMO...
Claroty, a cyber-physical systems protection firm, analyzed over 2.25 million Internet of Medical Things (IoMT) devices and more... The post Claroty reports alarming IoMT, OT device risks as...
NeoSystems LLC, vendor of managed services, consulting, and compliant hosting solutions for government contractors, announced Wednesday that it... The post NeoSystems achieves perfect score in...