New Cactus ransomware encrypts itself to evade antivirus
A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of “large commercial entities.” The Cactus ransomware…
Category: Bleeping Computer
Western Digital says hackers stole customer data in March cyberattack
Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack.…
Meet Akira — A new ransomware operation targeting the enterprise
The new Akira ransomware operation has slowly been building a list of victims as they breach corporate networks worldwide, encrypt files, and then demand million-dollar…
Twitter says ‘security incident’ exposed private Circle tweets
Twitter disclosed that a ‘security incident’ caused private tweets sent to Twitter Circles to show publicly to users outside of the Circle. Twitter Circle is…
New PaperCut RCE exploit created that bypasses existing detections
A new proof-of-concept (PoC) exploit for an actively exploited PaperCut vulnerability was released that bypasses all known detection rules. The PaperCut vulnerability, tracked as CVE-2023-27350, is…
Z-Library eBook site disrupted again by FBI domain seizures
The Federal Bureau of Investigation (FBI) continues to disrupt the world’s largest shadow eBook library, Z-Library, by seizing more domains used by the platform. Besides…
The Week in Ransomware – May 5th 2023
This week’s ransomware news has been dominated by a Royal ransomware attack on the City of Dallas that took down part of the IT infrastructure.…
ALPHV gang claims ransomware attack on Constellation Software
Canadian diversified software company Constellation Software confirmed on Thursday that some of its systems were breached by threat actors who also stole personal information and…
New Android FluHorse malware steals your passwords, 2FA codes
A new Android malware called ‘FluHorse’ has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions. The malware was discovered…
New Android updates fix kernel bug exploited in spyware attacks
Android security updates released this month patch a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices. The security flaw (tracked…
WordPress custom field plugin bug exposes over 1M sites to XSS attacks
Security researchers warn that the ‘Advanced Custom Fields’ and ‘Advanced Custom Fields Pro’ WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks…
Kimsuky hackers use new recon tool to find security gaps
The North Korean Kimsuky hacking group has been observed employing a new version of its reconnaissance malware, now called ‘ReconShark,’ in a cyberespionage campaign with…