2025-03-26 • ISH Tecnologia • 0x0d4y, Ismael Rocha • win.lynx Open article on Malpedia

2025-03-26 • ThreatMon • Aziz Kaplan, ThreatMon, ThreatMon Malware Research Team • win.asyncrat Open article on Malpedia

WP Ultimate CSV Importer flaws expose 20,000 websites to attacks enabling attackers to achieve full site compromise

2025-03-28 • Intrinsec • David Sardinha • ps1.sload, win.netsupportmanager_rat, win.remcos, win.smokeloader Open article on Malpedia

Vladimir Putin signed a law on Monday that prohibits state institutions, banks and others from using foreign messaging apps when communicating with customers.

2025-03-31 • GootLoader Wordpress • gootloadersites • js.gootloader Open article on Malpedia

Cisco Talos observed identity-based attacks in 60% of the incidents it responded to last year. The post Identity lapses ensnared organizations at scale in 2024 appeared first on CyberScoop.

Cisco Talos observed identity-based attacks in 60% of the incidents it responded to last year. The post Identity lapses ensnared organizations at scale in 2024 appeared first on CyberScoop.

On November 29, 2024, a case was disclosed in which threat actors impersonated a recruitment email from a developer community called Dev.to to distribute malware. [1] In this case, the attacker...

The belated reworking of the country’s cybersecurity regulations comes three years after the previous government had prematurely described those laws as “updated” while failing to actually...

​North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. [...]

Now available to Windows Insiders, Windows 11 is getting a secret weapon for boot failures called Quick Machine Recovery - and it works automatically.

The U.K. has published a policy statement on Cyber Security and Resilience Bill that sets out the policy... The post UK Cyber Security and Resilience Bill: Policy statement details confirmed and...

SandboxAQ announced that the National Institute of Standards and Technology (NIST) has officially selected HQC (Hamming Quasi-Cyclic) as... The post SandboxAQ announces that NIST has chosen its...

U.S.-based cybersecurity firm ReliaQuest has secured a significant funding boost with a new investment round totaling over $500 million, elevating the company’s valuation to $3.4 billion. The...

Fortress Government Solutions, a cybersecurity partner for the U.S. military and defense industrial base (DIB), announced on Tuesday... The post Fortress Government Solutions receives impact Level...

Smarter TV operating systems bring new privacy risks, with one major concern being automatic content recognition (ACR) - a feature that monitors your viewing habits.

The CERT-UA investigation concluded that the attack’s techniques were “characteristic of Russian intelligence services”

KEY TAKEAWAYS Go language (Golang) is increasing in popularity with developers of both legitimate and malicious tooling. Volexity frequently encounters malware samples written in Golang that apply...

A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor

A RAR file, a fake summons, and a Nietzsche quote—all part of a multi-stage malware chain delivering DCRat & Rhadamanthys. Acronis TRU breaks down how attackers use VBS, batch, and PowerShell...

The russia-linked Gamaredon APT notorious for a wealth of cyber-offensive operations against Ukraine resurfaces in the cyber threat arena. The ongoing Gamaredon adversary campaign against Ukraine...

The new feature is more accessible than S/MIME because it eliminates the need for certificate management.

Sending encrypted emails today involves a nightmare of certificates and administrative headaches. Google says it's ready to make things easier.

Google is set to roll out end-to-end encryption for all Gmail users, boosting security, compliance and data sovereignty efforts

After decades of struggle, ransomware gangs have finally been vanquished

Autorité de la concurrence, France's antitrust watchdog, has fined Apple €150 million ($162 million) for using the App Tracking Transparency privacy framework to abuse its dominant market position...

Your friends and family members are just waiting to be exploited by online attackers. They need your help.

Written by: Jamie Collier Since our September 2024 report outlining the Democratic People's Republic of Korea (DPRK) IT worker threat, the scope and scale of their operations has continued to...

A vishing scam via Microsoft Teams led to attackers misusing TeamViewer to drop malware and stay hidden using simple but effective techniques.