American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. [...]
Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and...
The captain of a Chinese-crewed ship has been charged in Taiwan with breaking a subsea cable near the island, the first such formal charge following almost a dozen similar incidents in recent years.
Research by: hasherezade Key Points Introduction Process injection is one of the important techniques used by attackers. We can find its variants implemented in almost every malware. It serves...
AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities...
Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on cybercrime forums to conduct threat intelligence...
Flaw in SureTriggers plugin allows unauthenticated users to create admin accounts on WordPress sites
Abstract Credential stuffing attacks using leaked passwords have been rapidly increasing. These attacks that began with a simple technique has evolved—through advances in automation tools and the...
1. Overview Mavinject.exe is a legitimate utility provided by Microsoft. It is used to inject DLLs into specific processes in an Application Virtualization (App-V) environment. It has been...
It may look empty, but that folder is tied to a new security patch - and it shouldn't be removed.
The chair of the House Homeland Security Committee said his panel was prepared to take on pressing cyber policy challenges, like an estimated cyber workforce shortage of 50,000 professionals and...
For the latest discoveries in cyber research for the week of 14th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The United States Office of the Comptroller of...
A new global study from SANS and GIAC finds that the cybersecurity workforce crisis may be more misunderstood... The post New SANS/GIAC study finds cybersecurity skills gap, not talent shortage,...
2025-04-14 • Trend Micro • Fernando Mercês • elf.bpfdoor Open article on Malpedia
Artificial Intelligence has supercharged an array of tax-season scams this year, with fraudsters using deepfake audio and other techniques to trick taxpayers into sending them money and financial...
Trustwave SpiderLabs continuously tracks a range of malicious activities originating from Proton66 ASN, including vulnerability scanning, exploit attempts, and phishing campaigns leading to...
Eric Swalwell, a Democrat Senator from California and ranking member of the Subcommittee on Cybersecurity and Infrastructure Protection,... The post Swalwell demands CISA briefing amid reports of...
The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. [...]
Through the SYS Initiative, Prodaft is offering a secure, anonymous channel for individuals to share information about ongoing cybercrime activities
The crosswalk buttons, which include audio alerts, were hacked over the weekend.
A ransomware attack over the weekend is still affecting some operations at kidney dialysis provider DaVita, the company said in a filing with U.S. regulators.
The change is meant to speed things up, but some staff are calling it 'a recipe for disaster.'
Learn how to set up and use LastPass password manager. Start managing and storing your passwords with this step-by-step guide.
ResolverRAT targets healthcare organizations using advanced evasion techniques and social engineering
A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. [...]
The International Society of Automation (ISA) has, in a significant development for industrial automation and digital manufacturing environments,... The post New ISA-95 standard enhances IT/OT...
A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family...
This is a weekly threat intelligence report review from RST Cloud. This week, we analysed 53 threat intelligence reports and compiled a summary of the findings, along with the relevant metadata...
CERT Polska has received a report about 11 vulnerabilities found in Internet Starter module of SoftCOM iKSORIS software.
Meta announced today that it will soon start training its artificial intelligence models using content shared by European adult users on its Facebook and Instagram social media platforms. [...]