cyber attacks

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

Cybersecurity researchers have exposed what they say is an “industrial-scale, global cryptocurrency phishing operation” engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms…

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

May 08, 2025Ravie LakshmananNetwork Security / Vulnerability SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The…

Qilin Ransomware Ranked Highest in April 2025 with Over 45 Data Leak Disclosures

May 08, 2025Ravie LakshmananThreat Intelligence / Ransomware Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of…

Security Tools Alone Don’t Protect You — Control Effectiveness Does

61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of…

MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware

May 08, 2025Ravie LakshmananMalware / Cyber Espionage The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions…

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. “LOSTKEYS is capable of stealing files from a…

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

May 08, 2025Ravie LakshmananVulnerability / Network Security Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files…

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

May 07, 2025Ravie LakshmananDark Web / Cybercrime Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation,…

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

May 07, 2025Ravie LakshmananVulnerability / Web Security A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is…

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

May 07, 2025Ravie LakshmananVulnerability / IT Service Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated…

« Previous
1
…
124
125
126
127
128
…
354
Next »