Please turn on your JavaScript for this page to function normally.
Linux
Beware of phishing emails delivering backdoored Linux VMs!

Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. …

Android
Google patches actively exploited Android vulnerability (CVE-2024-43093)

Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting …

Synology
Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and …

npm
Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups …

handshake
North Korean hackers pave the way for Play ransomware

North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing …

CyberPanel
Ransomware hits web hosting servers via vulnerable CyberPanel instances

A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX …

email
Russian hackers deliver malicious RDP configuration files to thousands

Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, …

Redline
US charges suspected Redline infostealer developer, admin

The identity of a suspected developer and administrator of the Redline malware-as-a-service operation has been revealed: Russian national Maxim Rudometov. Infrastructure …

Eventbrite
Phishers reach targets via Eventbrite services

Crooks are leveraging the event management and ticketing website Eventbrite to deliver their phishing emails to potential targets. “Since July, these attacks have …

Microsoft Windows
Patching problems: The “return” of a Windows Themes spoofing vulnerability

Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes …

Microsoft Teams
Black Basta operators phish employees via Microsoft Teams

Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft …

Redline
Police hacks, disrupts Redline, Meta infostealer operations

The Dutch National Police, along with partner law enforcement agencies, has disrupted the operation of the Redline and Meta infostealers and has collected information that may …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools