A hacker has claimed responsibility for breaching the University of Pennsylvania’s systems and stealing 1.2 million donor records. The threat actor contacted BleepingComputer, alleging that the inc...
Aardvark functions through a sophisticated multi-stage pipeline that mimics the investigative process of a seasoned security researcher. It begins with a comprehensive analysis of an entire reposi...
Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in th...
Rebooting an infected device removes BADCANDY, the ASD says, but warns that “rebooting will not reverse additional actions taken by the threat actor and will not remedy the initial vulnerability ex...
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United Sta...
A community database, API and collaboration platform to help identify and protect against open-source malware. 70,271 Malicious Packages 12 Malicious Repositories 1 Malicious CDNs To read the com...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2018-25120 D-Link - DNS-343 Share...
Arctic Wolf Labs has identified an active cyber espionage campaign by Chinese-affiliated threat actor UNC6384 targeting European diplomatic entities in Hungary, Belgium, and additional European nat...
A surge in cybercriminal abuse of AdaptixC2, a free adversarial emulation framework created initially for penetration testers, has been detected in active ransomware operations. AdaptixC2 operates...
Proton has launched the Data Breach Observatory to serve as a reporting platform that monitors and publishes data breaches found on the dark web. Unlike reports that rely on voluntary disclosures, ...
At its core, Brash stems from the lack of rate limiting on “document.title” API updates, which, in turn, allows for bombarding millions of document object model mutations per second, causing the we...
In brief: AFP Commissioner Krissy Barrett revealed Wednesday how a data scientist unlocked over $6 million from a crypto wallet held by an “alleged criminal.” The data scientist was able to access...
Russian threat actors, likely linked to the APT Sandworm, targeted Ukrainian organizations to steal sensitive data and maintain long-term network access, Symantec Threat Hunter Team and Carbon Blac...
Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attack...
Logins.zip operates as a browser-based builder, allowing operators to generate custom malware stubs without technical expertise. Once deployed, the stub which is clocking in at a mere ~150KB employ...
The Canadian Centre for Cyber Security revealed that hacktivists have repeatedly breached systems of the country’s critical infrastructure. Attackers tampered with industrial controls at a water tr...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published on Tuesday one ICS (industrial control system) advisory, one ICS medical advisory, and updated an earlier ICS advisory add...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2024-57412 n/a - n/a An iss...
Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment in the CPU, the highly secure area of a system, such as ...
GhostCall heavily targets the macOS devices of executives at tech companies and in the venture capital sector by directly approaching targets via platforms like Telegram, and inviting potential vic...