Security
Headlines
HeadlinesLatestCVEs

Tag

#backdoor

Cyber Gangs Aren't Afraid of Prosecution

Challenges with cybercrime prosecution are making it easier for attackers to act with impunity. Law enforcement needs to catch up.

DARKReading
Open in Source
#sql#vulnerability#web#git#intel#backdoor#auth#ssl
Sidewinder Casts Wide Geographic Net in Latest Attack Spree

The long-active, India-sponsored cyber-threat group targeted multiple entities across Asia, Africa, the Middle East, and even Europe in a recent attack wave that demonstrated the use of a previously unknown post-exploit tool called StealerBot.

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries of

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma. Hijack Loader, also known as DOILoader, IDAT Loader, and

MagnusBilling 7.x Command Injection

MagnusBilling version 7.x suffers from a remote command injection vulnerability.

THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 - Oct 13)

Hey there, it's your weekly dose of "what the heck is going on in cybersecurity land" – and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it's full of stuff they don't 🤫 want you to know. So let's jump in before we get FOMO. ⚡ Threat of the Week GoldenJackal Hacks Air-Gapped Systems: Meet

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities

Pig Butchering Scams Are Going High Tech

Scammers in Southeast Asia are increasingly turning to AI, deepfakes, and dangerous malware in a way that makes their pig butchering operations even more convincing.

A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines

It's hard enough creating one air-gap-jumping tool. Researchers say the group GoldenJackal did it twice in five years.

MagnusBilling 6.x Code Injection

MagnusBilling version 6.x suffers from a PHP code injection vulnerability.