Malicious ads push Lumma infostealer via fake CAPTCHA pages
A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run…
Open Source Security Priorities Get a Reshuffle
The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure…
Crypto-stealing malware posing as a meeting app targets Web3 pros
Cybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows…
New Rockstar 2FA phishing service targets Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials.…
Hackers exploit ProjectSend flaw to backdoor exposed servers
Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote…
Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday
A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card…
Microsoft disrupts ONNX phishing-as-a-service infrastructure
Microsoft has seized 240 domains used by customers of ONNX, a phishing-as-a-service (PhaaS) platform, to target companies and individuals across…
Illegal Crypto Mining: How Businesses Can Prevent Themselves From Being ‘Cryptojacked’
The popularity of cryptocurrencies like Ethereum and Bitcoin surged during the pandemic era. What began as a niche, almost novelty…
Phishing emails increasingly use SVG attachments to evade detection
Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. [...]
AWS’s Predictable Bucket Names Make Accounts Easier to Crack
Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.