New WhiskerSpy malware delivered via trojanized codec installer
Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as…
451 PyPI packages install Chrome extensions to steal crypto
Over 450 malicious PyPI python packages were found installing malicious Chromium browser extensions to hijack cryptocurrency transactions made through browser-based…
Devs targeted by W4SP Stealer malware in malicious PyPi packages
Five malicious packages were found on the Python Package Index (PyPI), stealing passwords, Discord authentication cookies, and cryptocurrency wallets from…
Microsoft WinGet package manager failing from expired SSL certificate
Microsoft's WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN's SSL/TLS certificate expired. [...]
Hackers use fake crypto job offers to push info-stealing malware
A campaign operated by Russian threat actors uses fake job offers to target Eastern Europeans working in the cryptocurrency industry,…
Malicious Dota 2 game mods infected players with malware
Security researchers have discovered four malicious Dota 2 game mods that were used by a threat actor to backdoor the players' systems.…
Dashlane password manager open-sourced its Android and iOS apps
Dashlane announced it had made the source code for its Android and iOS apps available on GitHub under the Creative…
New Sh1mmer ChromeBook exploit unenrolls managed devices
A new exploit called 'Sh1mmer' allows users to unenroll an enterprise-managed Chromebook, enabling them to install any apps they wish…
Exploit released for critical Windows CryptoAPI spoofing bug
Proof of concept exploit code has been released by Akamai researchers for a critical Windows CryptoAPI vulnerability discovered by the…
Researchers Pioneer PoC Exploit for NSA-Reported Bug in Windows CryptoAPI
The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things.