Digital license plates sold by Reviver, already legal to buy in some states and drive with nationwide, can be hacked by their owners to evade traffic regulations or even law enforcement surveillance.

Over 200,000 YouTube creators have been targeted by malware-laden phishing emails with the aim of infecting their followers

The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' used to spy on activists, journalists, and protestors. [...]

A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Ukrainian officials say Russian intelligence is using video games to trick children into helping the enemy

This Remote Access Checklist, created by Scott Matteson for TechRepublic Premium, should be used to ensure all employees have the requisite items, accounts, access, and instructions needed for...

For the latest discoveries in cyber research for the week of 16th December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Romanian National Cybersecurity...

Amnesty said it found NoviSpy, an Android spyware linked to Serbian intelligence, on the phones of several members of Serbian civil society following police stops. © 2024 TechCrunch. All rights...

Last week, we analysed 56 cyber threat intelligence articles and summarised them along with the relevant metadata that was extracted. You can find below a short summary of 10 articles, related...

The Arc browser had just announced their bug bounty program. As a result, the author decided to search through for some low hanging fruit. Quickly, they found some interesting endpoints:...

Openwrt is open source router firmware. While the researcher was updating their router, they noticed that there was a service called attended sysupgrade that builds and hosts the firmware...

The Glutton backdoor, a modular PHP-based malware framework, has been observed targeting systems in China, the U.S., Cambodia, Pakistan, and South Africa. The malware, linked with moderate...

Resecurity unveils AI-powered GSOC at NATO Edge 2024, integrating VR for advanced cybersecurity. Tailored for MSSPs, it enhances…

The Banner Pattern

The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. [...]

Discover the latest in LLM hijacking activity, including a dive into the JINX-2401 campaign targeting AWS environments with IAM privilege escalation tactics.

The security system that underlies the internet makes use of a curious fact: You can broadcast part of your encryption to make your information much more secure.

​The Chinese Winnti hacking group is using a new PHP backdoor named 'Glutton' in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. [...]

As the curtain closes on 2024, the critical infrastructure and OT (operational technology) sectors reflect upon a year... The post 2024 in retrospect: Lessons learned and cyber strategies shaping...

On November 26, 2024, Wiz Threat Research identified JINX-2401, a threat actor attempting to hijack LLM models in multiple AWS environments using compromised IAM credentials. The attackers...

Two critical vulnerabilities in Cleo file transfer software—CVE-2024-50623 and CVE-2024-55956—have been actively exploited, leading to unauthorized data access and system compromise. The Clop...

State officials said hundreds of thousands of Rhode Island residents could be affected by a cyberattack on the state’s online portal for social services, with a “high probability” that personally...

Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold...

Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of...

Bitdefender bundles antivirus and anti-malware with other digital privacy tools to keep you safer. Here's how it works.

Plus: The US indicts North Koreans in fake IT worker scheme, file-sharing firm Cleo warns customers to patch a vulnerability amid live attacks, and more.

A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. [...]

A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000...

Analysis of packer-as-a-service (PaaS) HeartCrypt reveals its use in over 2k malicious payloads across 45 malware families since its early 2024 appearance. The post Crypted Hearts: Exposing the...

Australian IT pros are urged to strengthen defenses as Chinese cyber threats target critical infrastructure and sensitive data.