Apr 15, 2025Ravie LakshmananLinux / Malware The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool…
Apr 15, 2025Ravie LakshmananVulnerability / Software Security A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a…
Apr 15, 2025Ravie LakshmananSupply Chain Attack / Malware Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange…
Apr 15, 2025The Hacker NewsData Privacy / Enterprise Security Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know…
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of…
Apr 15, 2025Ravie LakshmananVulnerability / Endpoint Security A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked…
Apr 15, 2025Ravie LakshmananArtificial Intelligence / Data Privacy Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union,…
Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. “The threat actor leverages fear-based lures delivered via phishing emails, designed to…
Apr 14, 2025Ravie LakshmananEmail Security / Cyber Attack Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique…
Apr 14, 2025Ravie LakshmananThreat Intelligence / Cybersecurity Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach…