Tagged: cyber security articles
Cybercriminals are planting maldocs in chat threads on Microsoft Teams. Users who open them might end up giving control of their systems to hackers. Organizations are advised to deploy email gateway security that secures communication...
Iranian MuddyWater APT has reportedly launched fresh attacks targeting users in the Turkish government and other private organizations in the country. Hackers lure victims via maldocs that masquerade as genuine documents from the...
A North Korea-linked APT group has been spotted targeting cryptocurrency startups worldwide with fake MetaMask browser extensions to steal cryptocurrency from users’ wallets. The attackers work around a complex infrastructure, including various exploits and...
Threat actors behind the Dridex malware were found luring people with fake employee termination emails. The emails are used as bait to open a malicious Excel document that trolls the victim. The document, once opened, installs other...
Minerva Labs disclosed that the StrongPity APT group has been distributing malicious Notepad++ installers to infect targets. The malware has the ability to steal files, along with other data. Notepad++ users are advised to...
Proofpoint identified three state-sponsored threat actors from India, Russia, and China adopting RTF template injection methods in their phishing campaigns. The adoption of this technique has made attacks from the group much harder to...
A new Iranian actor was spotted abusing an RCE flaw in Microsoft MSHTML to target Farsi-speaking people globally and steal their Google and Instagram credentials. The attacks started in July via spear-phishing emails that...
In a new attack campaign, the Aggah threat group is deploying clipboard hijacking code to replace a victim’s cryptocurrency address with an address to redirect cryptocurrency transactions. Researchers observed seven different cryptocurrency addresses in...
Attackers are targeting unpatched Exchange servers for vulnerabilities such as ProxyLogon and ProxyShell to breach corporate email servers and drop multiple malware. In one of the attacks, the researchers have seen the distribution of...
BlackBerry discovered that actors behind MountLocker, Phobos, and the StrongPity APT are dependent on a common initial access broker, dubbed Zebra2104, for their malware campaigns. The broker has helped criminals break into the networks...
A report by Cyware, Ivanti, and Cyber Security Works noted a 4.5% rise in CVEs associated with ransomware, with a 3.4% rise in ransomware families exploiting those. The total count of older vulnerabilities is...
The TeamTNT group has upped its game in recent times. Recently, it was found targeting Docker servers exposing Docker REST APIs for cryptomining purposes, under the campaign that was set off in October. Experts...
Researchers have disclosed details about a now-patched critical vulnerability in a time and billing system called BillQuick that was being exploited by a new ransomware group. It can be triggered simply by using login requests...
The CISA, FBI, and NSA released a joint advisory that warns critical infrastructure entities as well as the U.S. food and agriculture sector against BlackMatter ransomware intrusions. It is believed that DarkSide has re-emerged...
Iran-linked hackers were found conducting extensive password spraying attacks against Office 365 accounts of defense technology and global maritime firms in the U.S. and Israel. The group attempts to gain access to commercial satellite...
Apache, the open-source cross-platform web server software, rolled out patches to fix two security vulnerabilities that were being abused by criminals. While the first flaw can be exploited for RCE, the other moderate flaw...