CISA orders govt agencies to patch bugs exploited by Russian hackers
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six more security flaws to its known exploited vulnerabilities (KEV) list. Three of them…
Category: Bleeping Computer
Hackers hijack Linux systems using trojanized OpenSSH version
Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign. After…
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as “RepoJacking,” which could help attackers deploy supply chain attacks impacting a large…
VMware fixes vCenter Server bugs allowing code execution, auth bypass
VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems. vCenter Server…
DuckDuckGo browser for Windows available for everyone as public beta
DuckDuckGo has released its privacy-centric browser for Windows to the general public. It is a beta version available for download with no restrictions. DuckDuckGo’s web…
Exploit released for Cisco AnyConnect bug giving SYSTEM privileges
Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let…
iOttie discloses data breach after site hacked to steal credit cards
Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers’ credit cards and personal…
APT37 hackers deploy new FadeStealer eavesdropping malware
The North Korean APT37 hacking group uses a new ‘FadeStealer’ information-stealing malware containing a ‘wiretapping’ feature, allowing the threat actor to snoop and record from…
Apple fixes zero-days used to deploy Triangulation spyware via iMessage
Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits. “Apple is aware of a report that…
UPS discloses data breach after exposed customer info used in SMS phishing
Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and…
Amazon trapped millions into hard-to-cancel Prime memberships
The Federal Trade Commission (FTC) says Amazon allegedly used dark patterns to trick millions of users into enrolling in its Prime program and trapping them…
A Tour of the New Cybercrime Underground
The world of cybercrime is moving quickly. Threat actors, ransomware gangs, malware developers, and others are increasingly and rapidly moving off of the “traditional” dark…