Phishing emails abuse Windows search protocol to push malicious scripts
A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on...
Read more →Category: Bleeping Computer
AWS adds passkeys support, warns root users must enable MFA
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security...
Read more →
Google warns of actively exploited Pixel firmware zero-day
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already...
Read more →
CISA warns of criminals impersonating its employees in phone calls
Image: Midjourney Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls...
Read more →
New phishing toolkit uses PWAs to steal login credentials
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that...
Read more →
Life360 says hacker tried to extort them after Tile data breach
Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached...
Read more →
Microsoft deprecates Windows DirectAccess, recommends Always On VPN
Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release...
Read more →
Police arrest Conti and LockBit ransomware crypter specialist
The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to...
Read more →
Black Basta ransomware gang linked to Windows zero-day attacks
The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day before a...
Read more →
Pure Storage confirms data breach after Snowflake account hack
Pure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace...
Read more →
TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers
The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and...
Read more →
New Warmcookie Windows backdoor pushed via fake job offers
Image: Midjourney A never-before-seen Windows malware named ‘Warmcookie’ is distributed through fake job offer phishing campaigns to breach corporate networks. According...
Read more →