Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind…
Mar 04, 2025Ravie LakshmananCyber Espionage / Malware Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out “fewer than five” entities in the United Arab Emirates (U.A.E.) to deliver a previously…
Mar 04, 2025Ravie LakshmananNetwork Security / Ransomware Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and…
Mar 04, 2025The Hacker NewsCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to…
Mar 04, 2025Ravie LakshmananVulnerability / Mobile Security Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation…
Mar 03, 2025Ravie LakshmananCloud Security / Email Security Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The…
Mar 03, 2025Ravie LakshmananCybercrime / Malware Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. “The threat actor hides each…
Mar 03, 2025Ravie LakshmananData Privacy / Compliance The U.K.’s Information Commissioner’s Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between…
Mar 03, 2025Ravie LakshmananRansomware / Vulnerability Threat actors have been exploiting a security vulnerability in Paragon Partition Manager’s BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is…
Mar 03, 2025Ravie Lakshmanan This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the…