Lazarus hackers breach aerospace firm with new LightlessCan malware
The North Korean ‘Lazarus’ hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network…
Category: Bleeping Computer
Progress warns of maximum severity WS_FTP Server vulnerability
Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability…
Microsoft breach led to theft of 60,000 US State Dept emails
Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft’s cloud-based Exchange email platform in May. During a recent…
Dual ransomware attack victims now get hit within 48 hours
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims’ networks to encrypt systems in under two days.…
Bing Chat responses infiltrated by ads pushing malware
Malicious advertisements are now being injected into Microsoft’s AI-powered Bing Chat responses, promoting fake download sites that distribute malware. Bing Chat, powered by OpenAI’s GPT-4…
Cisco Catalyst SD-WAN Manager flaw allows remote server access
Cisco is warning of five new Catalyst SD-WAN Manager products vulnerabilities with the most critical allowing unauthenticated remote access to the server. Cisco Catalyst SD-WAN…
Cisco urges admins to fix IOS software zero-day exploited in attacks
Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild. Discovered by X. B.…
Security researcher stopped at US border for investigating crypto scam
Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his…
Budworm hackers target telcos and govt orgs with custom malware
A Chinese cyber-espionage hacking group tracked as Budworm has been observed targeting a telecommunication firm in the Middle East and a government entity in Asia…
Fake Bitwarden sites push new ZenRAT password-stealing malware
Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT. The malware…
Google fixes fifth actively exploited Chrome zero-day of 2023
Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today. “Google is…
SSH keys stolen by stream of malicious PyPI and npm packages
A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms. The…