On March 4th 2025, Cork Protocol Beta was exploited for 3,761 wstETH. This article explains the exploit methods used in the real attack. The project had two audit contests from Sherlock and...

The organizations say a reintroduced version of the bill would “break” encryption for most Americans and make it impossible for end-to-end encrypted service providers to avoid lawsuits. The post...

Despite sanctions and global scrutiny, Predator spyware operations persist. Insikt Group reveals new infrastructure links in Mozambique, Africa, and Europe, highlighting ongoing threats to civil...

The event also served as a significant highlight of the year-long celebration of Weidmuller’s milestone 50th anniversary in Richmond.

Researchers uncovered a large-scale malvertising campaign, active primarily between March 26 and April 25, 2025, during which over 269,000 legitimate websites were compromised with highly...

Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent...

The US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to...

ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there's no visible impact on performance. [...]

Threat intelligence firm GreyNoise has warned of a "coordinated brute-force activity" targeting Apache Tomcat Manager interfaces. The company said it observed a surge in brute-force and login...

The flaw is able to skirt past your usual security protection and evade detection, but Microsoft has a patch.

Operation Secure targeted malicious IPs, domains and servers used for infostealer operations that claimed more than 216,000 victims. The post Global law enforcement action in Asia nets large...

Operation Secure targeted malicious IPs, domains and servers used for infostealer operations that claimed more than 216,000 victims. The post Global law enforcement action in Asia nets large...

Waymo driverless taxis capture troves of video footage in order to operate, but the company reveals very little about how much data is stored—and for how long.

The content of a vaccines information website owned U.S. Department of Health and Human Services was swapped with gay-themed spam.

A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems. [...]

23andMe holds millions of customers' genetic information. Here's what you can do to protect your data.

2025-05-31 • Medium (@mvaks) • mvaks • apk.crocodilus Open article on Malpedia

Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. [...]

2025-06-03 • ThreatFabric • ThreatFabric • apk.crocodilus Open article on Malpedia

2025-06-09 • Genians • Genians • ps1.flowerpower, win.appleseed, win.babyshark Open article on Malpedia

2025-06-09 • Kaspersky • Kaspersky Open article on Malpedia

2025-06-09 • Zscaler • ThreatLabZ research team, Zscaler • win.danabot Open article on Malpedia

2025-06-09 • Netresec • Erik Hjelmvik • win.purelogs Open article on Malpedia

The retail giant described the food shortages as "temporary supply challenges" following the cyberattack at its primary distributor, UNFI.

2025-06-05 • Hunt.io • Hunt.io • win.asyncrat, win.xworm Open article on Malpedia

2025-06-10 • abuse.ch • win.amatera Open article on Malpedia

The CVE program publishes standardized information about known cyber vulnerabilities, while the NVD is a storehouse for vulnerability management data. The post Dems want watchdog study of two...

INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants. The joint action, codenamed...

In today’s cybersecurity landscape, much of the focus is placed on firewalls, antivirus software, and endpoint detection. While these tools are essential, one critical layer often goes overlooked:...

AWS CSO Stephen Schmidt says AI is transforming the way the company does security reviews and incident response. The post How Amazon Web Services uses AI to be a security ‘force multiplier’...