MalwareFireScam malware poses as Telegram app to steal sensitive Android dataSteve ZurierJanuary 3, 2025While the app gets distributed via a GitHub phishing site, all Android users worldwide are at risk.
DevOpsNPM package poses as legit Ethereum smart contract, injects Quasar RATSteve ZurierJanuary 2, 2025Quasar RAT has circulated in cybercrime and APT campaigns since July 2014.
IdentityUS Treasury hacked by state-sponsored Chinese APT groupSteve ZurierDecember 31, 2024Government says hackers compromised a BeyondTrust API key to then access Treasury workstations and steal unclassified documents.
IdentityChrome extensions compromised in Christmas Day supply chain attackSteve ZurierDecember 30, 2024Stolen Cyberhaven employee credentials used to steal access tokens and business data from users of Facebook ads.
Network SecurityPalo Alto Networks patches DoS bug in PAN-OS softwareSteve ZurierDecember 27, 2024DoS flaw actively exploited in production. Security pros warn teams to patch right away.
Critical Infrastructure Security5 critical infrastructure sectors hit hardest by cyberattacks in 2024Steve ZurierDecember 27, 2024Here’s a rundown of the leading cyber incidents sustained by the manufacturing, finance, energy and utilities, retail, and healthcare sectors.
Network SecurityApache fixes Traffic Control bug that attackers could exploitSteve ZurierDecember 26, 2024Security teams should immediately patch 9.9 vulnerability in web content distribution platform.
Ransomware5.6 million patients affected by Ascension Health cyberattackSteve ZurierDecember 23, 2024Attack by Black Basta sent the Ascension system reeling for several days, forcing medical staffs to reading paper charts.
IdentityFake DocuSign docs used to secure corporate credentials in mishing campaignSteve ZurierDecember 20, 2024DocuSign campaign one of many mobile phishing campaigns that aim to steal corporate credentials from top executives.
Application securityCriminals using Google Calendar email invites to steal data from usersSteve ZurierDecember 19, 2024Phony emails include a malicious Calendar file with a link to Google Forms or Google Drawings.
