LATEST POST
Pro-Russian hackers attack Italian websites after president compares invasion of Ukraine to Nazis
Associated Press reports: A pro-Russian hacker group attacked Italian government websites on Tuesday in what it said was a reaction to a speech by Italian President Sergio Mattarella that compared Russia’s invasion of Ukraine to the Nazis ‘ “wars of conquest.” The NoName57 hacker group, which announced the attacks on social media, hit the websites of the defense, interior and transport ministries, as […]
Warning issued to 2,500,000,000 Gmail users over ‘devastating scam’ which allows hackers to steal banking and sensitive data
Back in May 2024, the FBI issued a warning about the increasing threat of cybercriminals using AI in their scams to make it difficult for users to spot. Unilad reports: Cybercriminals are seemingly using all the right tricks to take advantage of innocent web users and recently, they have been targeting Gmail customers, which sees them use AI […]
Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers
GBHackers reports that researchers have uncovered malware targeting WordPress websites, leveraging hidden backdoors to enable remote code execution (RCE): One notable case involved attackers embedding malicious scripts within the Must-Use Plugins (mu-plugins) directory, a special WordPress folder that automatically loads plugins on every page load without requiring activation. By placing obfuscated PHP code in this directory, attackers […]
Thousands of Polish lawyers affected by data breach
The personal data of thousands of Polish lawyers and trainee lawyers has been leaked online, exposing social security numbers and password hashes, cybersecurity sources have reported. The breach, first reported by CyberDefence24, occurred on February 14 at around 8:00 PM, with some 10,337 names and 9,037 social security—or PESEL numbers—leaked. The Supreme Bar Council (Naczelna […]
Data Breach Prompts Coast Guard to Take Personnel and Pay System Offline
Military.com reports: The Coast Guard‘s personnel and pay system was taken offline Friday and will remain down until at least Feb. 19 while officials investigate a data breach that affected more than 1,100 members. Coast Guard officials said Friday that the service’s Direct Access system, which manages pay and personnel matters, including orders, was hacked Friday, exposing sensitive […]
Brightline to pay $7M to resolve Fortra hack lawsuit
2023 was a bad year for commercial file transfer software apps because the Clop ransomware gang kept managing to find zero-day vulnerabilities to exploit. One of their campaigns involved Fortra’s GoAnywhere software. Even though Fortra issued a patch for CVE-2023-0669 within a week of discovery, there were many victims, including Brightline. Now TechTarget reports that […]
New Lazarus Group campaign sees North Korean hackers spreading undetectable malware through GitHub and open source packages
The North Korean state-sponsored threat actor known as Lazaraus Group is now running a campaign targeting software and Web3 developers with “undetectable” malware. MSN reports: Cybersecurity researchers at STRIKE from SecurityScorecard said they observed malware being embedded into GitHub repositories and NPM packages, where unsuspecting developers pick them up and integrate into their own projects. The […]
China-linked APT Salt Typhoon has breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices.
Security Affairs reports: China-linked APT group Salt Typhoon is still targeting telecommunications providers worldwide, and according to a new report published by Recorded Future’s Insikt Group, the threat actors has breached more U.S. telecommunications providers by exploiting unpatched Cisco IOS XE network devices. Insikt Group researchers reported that the Chinese hacked have exploited two Cisco flaws, tracked […]