Three new bugs added to CISA's KEV catalog, RaaS affiliates use new custom backdoor, and compromised GitHub Action exposes CI/CD secrets.
2025-03-13 • EclecticIQ • Arda Büyükkaya • win.blackbasta Open article on Malpedia
2025-03-14 • VitalDigitalForensics • v4ensics • win.lumma Open article on Malpedia
A security researcher has observed threat actors exploiting vulnerabilities in a driver used by CheckPoint’s ZoneAlarm antivirus to bypass Windows security measures
2025-03-20 • Cisco Talos • Asheer Malhotra, Brandon White, Jungsoo An, Vitor Ventura • py.lazagne, win.juicy_potato, win.meterpreter, win.mimikatz Open article on Malpedia
2025-03-13 • Forescout • Forescout Research, Sai Molige • win.blackmatter, win.lockbit Open article on Malpedia
2025-03-20 • Denwp Research • Tonmoy Jitu • osx.amos Open article on Malpedia
ServiceNow vulnerability alert: Hackers are actively exploiting year-old flaws (CVE-2024-4879, CVE-2024-5217, CVE-2024-5178) for database access. Learn how to…
2025-03-13 • Cyfirma • cyfirma Open article on Malpedia
2025-03-18 • WeLiveSecurity • Dominik Breitenbacher • win.anel, win.asyncrat Open article on Malpedia
Read SentinelOne's response to the tj-actions/changed-files attack and learn how to secure development pipelines with runtime security.
Attackers are exploiting user familiarity with CAPTCHAs to distribute the Lumma Stealer RAT via malicious PowerShell commands, according to HP
The U.S. Department of Treasury announced today that it has removed sanctions against the Tornado Cash cryptocurrency mixer, which North Korean Lazarus hackers used to launder hundreds of millions...
Learn about the information stealing browser extension Rilide, its delivery methods, and intrusion chain.
Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in...
Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here's what you need to know.
Cisco Talos discovered a malicious campaign tracked under the UAT-5918 umbrella, which has been active since at least... The post UAT-5918 APT group targets Taiwan critical infrastructure,...
Continuing its global expansion plan Integrity360 has acquired cybersecurity company Holiseum headquartered in Paris, France. The terms of... The post Integrity360 acquires Holiseum to strengthen...
The report contains statistics on malware, initial infection vectors and other threats to industrial automation systems in Q4 2024.
Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with...
Check out highlights from the “Tenable Cloud AI Risk Report 2025”. Plus, get the latest guidance on how to transition to quantum-resistant cryptography. In addition, find out how AI is radically...
The Government Computer Emergency Response Team (CERT-UA) issued an important warning about a series of targeted cyberattacks aimed at employees within Ukraine's defense-industrial complex and...
Today, we are discussing Computer Vision applications, one of the most impactful AI-powered technologies that is reshaping our…
Axelar is a cross-chain bridging protocol. To come to an agreement on whether a cross-chain vote has happened or not, 60% of the stake on Axelar has to approve it. The voting is performed on the...
Researchers have uncovered new and evolving versions of the Albabat ransomware, which now target Windows, Linux, and macOS systems. These updated variants (v2.0.0 and v2.5) show a notable...
On March 21, 2025, CloudSEK reported that a threat actor using the alias "rose87168" is claiming to have exfiltrated over 6 million records from Oracle Cloud’s SSO and LDAP systems. According to...
Federal prosecutors said Matthew Weiss, a former assistant football coach at the University of Michigan, learned hacking skills to breach online databases, primarily targeting information about...
The order accused DOGE of engaging in a "fishing expedition" at the federal agency. © 2025 TechCrunch. All rights reserved. For personal use only.
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this...