Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday
A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card…
‘RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor
The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a…
Salt Typhoon Builds Out Malware Arsenal With GhostSpider
The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end…
Chinese hackers target Linux with new WolfsBane malware
A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese…
China’s ‘Liminal Panda’ APT Attacks Telcos, Steals Phone Data
In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering…
Hamas Hackers Spy on Mideast Gov’ts, Disrupt Israel
APT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending…
China-Backed MirrorFace Trains Sights on EU Diplomatic Corps
Chinese APT groups increasingly lean on open source platform SoftEther VPN for network access. Now they're lending their know-how to…
Chinese APTs Cash In on Years of Edge Device Attacks
The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.
China’s ‘Evasive Panda’ APT Debuts High-End Cloud Hijacking
A professional-grade tool set, appropriately dubbed "CloudScout," is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info…
DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks
The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up…