The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa.
Researchers disclosed a large-scale phishing operation targeting Facebook and Messenger to lure millions of users. The users are drawn to phishing pages, from where their credentials are stolen and ads are displayed for revenue generation.
At least one million users of a Chinese-run VPN service have had their personally identifiable information (PII) exposed due to a misconfigured Elasticsearch server, Infosecurity can reveal.
In an unusual turn of events, the PyPI packages 'keep,' 'pyanxdns,' and 'api-res-py' were discovered to contain a backdoor due to the presence of a malicious 'request' dependency in some versions.
Multiple botnets are abusing a critical RCE vulnerability to infect Linux servers. These servers are running Atlassian Confluence Server and Data Center.
Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success.
A new Linux rootkit malware named ‘Syslogk’ is being used in attacks to hide malicious processes, using specially crafted "magic packets" to awaken a backdoor laying dormant on the device.
A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds.
At the RSA Conference 2022, Donald Benack, deputy associate director at the Cybersecurity and Infrastructure Security Agency (CISA), and Joshua Corman, founder of I am the Cavalry, outlined what the US Government sees as the three most critical bad practices for IT today.
Metasploit 6.2.0 has been released with 138 new modules, 148 new improvements/features, and 156 bug fixes since version 6.1.0 was released in August 2021. Metasploit is a penetration testing framework that includes 864 payloads and 2,227 exploits that can be used to target vulnerabilities and test a network's defenses.