PureLogs Variant Steals Data via Purchase Order Lures
FortiGuard Labs detailed a PureLogs campaign using JavaScript, PowerShell and process hollowing
Infosecurity Magazine
20 articles
Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception
Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets
BTMOB Android RAT Spreads Through No-Code Builder Tooling
BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures
India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws
CERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelines
Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign
Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning
FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens
The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI
Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans
From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how
Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets
Apple Blocked $2.2bn in App Store Fraud in the Last Year
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn
Cybercriminal VPN Dismantled in Europol Crackdown
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
Three-Quarters of Firms Knowingly Ship Vulnerable Code
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories
Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
Verizon DBIR finds 31% of data breaches began with software flaws last year