However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.
The ‘smishing’ group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims.
The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next.
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.
The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.
And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more.
A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics.
The company’s RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating.
The popular bridge, which connects Ethereum, Solana blockchain & more, was shelled out by it’s-not-saying. Wormhole is trying to negotiate with the attacker.