New ransomware decryptor recovers data from partially encrypted files
Security researchers have shared a new Python-based ransomware recovery tool named 'White Phoenix' on GitHub, which lets victims of ransomware…
WordPress custom field plugin bug exposes over 1M sites to XSS attacks
Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are…
How Public-Private Information Sharing Can Level the Cybersecurity Playing Field
Sharing information is critical to help organizations protect data and systems. To be even more effective, collaboration should be inclusive…
Meta Expunges Multiple APT, Cybercrime Groups From Facebook, Instagram
The company has removed three APTs and six potentially criminal networks from its platforms who leveraged elaborate campaigns of fake…
Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor
The cyberattack campaign, similar to one to spread the Rhadamanthys Stealer, is part of a larger trend by attackers to…
‘BellaCiao’ Showcases How Iran’s Threat Groups Are Modernizing Their Malware
The dropper is being used in a Charming Kitten APT campaign that has hit organizations in multiple countries.
GitHub now allows enabling private vulnerability reporting at scale
GitHub announced that private vulnerability reporting is now generally available and can be enabled at scale, on all repositories belonging…
‘GhostToken’ Opens Google Accounts to Permanent Infection
A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything…
Global Spyware Attacks Spotted Against Both New & Old iPhones
Campaigns that wielded NSO Group's Pegasus against high-risk users over a six-month period demonstrate the growing sophistication and relentless nature…
Microsoft SQL servers hacked to deploy Trigona ransomware
Attackers are hacking into poorly secured and Interned-exposed Microsoft SQL (MS-SQL) servers to deploy Trigona ransomware payloads and encrypt all…