Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Jun 04, 2025Ravie LakshmananLinux / Malware Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that…
Category: TheHackerNews
Why Traditional DLP Solutions Fail in the Browser Era
Jun 04, 2025The Hacker NewsBrowser Security / Enterprise Security Traditional data leakage prevention (DLP) tools aren’t keeping pace with the realities of how modern businesses…
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation,…
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
Jun 04, 2025The Hacker NewsVulnerability / DevOps Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce…
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
Jun 03, 2025Ravie LakshmananUnited States Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell…
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
Jun 03, 2025Ravie LakshmananEmail Security / Vulnerability Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone…
Understanding Help Desk Scams and How to Defend Your Organization
In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling…
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
Jun 03, 2025Ravie LakshmananMobile Security / Malware A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target…
Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion
Jun 03, 2025Ravie LakshmananThreat Intelligence / Cyber Threats Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies…
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Jun 03, 2025Ravie LakshmananWeb Security / Digital Identity Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock…
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Jun 03, 2025Ravie LakshmananBrowser Security / Vulnerability Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that…
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN
Jun 02, 2025Ravie LakshmananMobile Security / Vulnerability Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could…