Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

Jun 04, 2025Ravie Lakshmanan Threat Intelligence / Data Breach Google has disclosed details of a financially motivated threat cluster that it said “specialises” in voice phishing (aka vishing) campaigns designed to breach organizations’ Salesforce instances for large-scale data theft and subsequent extortion. The tech giant’s threat intelligence team is tracking the activity under the moniker […]

Continue Reading

Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era

Jun 04, 2025The Hacker NewsBrowser Security / Enterprise Security Traditional data leakage prevention (DLP) tools aren’t keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, […]

Continue Reading

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx, ReversingLabs, Safety, and […]

Continue Reading

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Jun 04, 2025The Hacker NewsVulnerability / DevOps Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. “These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, […]

Continue Reading

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Jun 03, 2025Ravie LakshmananUnited States Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified “malicious multi-stage downloader Powershell scripts” hosted on lure websites that […]

Continue Reading

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Jun 03, 2025Ravie LakshmananEmail Security / Vulnerability Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of […]

Continue Reading

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

Jun 03, 2025Ravie LakshmananMobile Security / Malware A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the […]

Continue Reading

Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion

Jun 03, 2025Ravie LakshmananThreat Intelligence / Cyber Threats Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. “By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and […]

Continue Reading

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Jun 02, 2025Ravie LakshmananMobile Security / Vulnerability Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows – CVE-2024-13915 (CVSS score: […]

Continue Reading

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub

Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations […]

Continue Reading

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Jun 02, 2025Ravie LakshmananSpyware / Vulnerability Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below – CVE-2025-21479 and CVE-2025-21480 (CVSS score: […]

Continue Reading

The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats

The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses — security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it […]

Continue Reading

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. “In what appears to be a multi-stage phishing operation, the […]

Continue Reading

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

May 31, 2025Ravie LakshmananVulnerability / Linux Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to […]

Continue Reading

U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation

May 31, 2025Ravie LakshmananMalware / Cyber Crime A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software. To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their […]

Continue Reading

New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. “This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as credentials, browser information, […]

Continue Reading

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

May 30, 2025Ravie LakshmananVulnerability / Threat Intelligence The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. “The threat actor mainly targets the SQL injection vulnerabilities discovered on web […]

Continue Reading

U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud

May 30, 2025Ravie LakshmananCryptocurrency / Cybercrime The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. The Treasury accused the Taguig-headquartered company of enabling […]

Continue Reading

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. “CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim’s system,” Cisco Talos researcher […]

Continue Reading

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider’s (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It’s believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that […]

Continue Reading

Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

May 29, 2025Ravie LakshmananMalware / Cloud Security Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2). The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was […]

Continue Reading