‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names
Adversaries reusing abandoned package names sneak malware into organizations in a sort of software shell game.
Zyxel warns of critical OS command injection flaw in routers
Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated…
New Voldemort malware abuses Google Sheets to store stolen data
A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating…
South Korean hackers exploited WPS Office zero-day to deploy malware
The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS…
Microsoft’s Sway Serves as Launchpad for ‘Quishing’ Campaign
The attack is a mashup of QR codes and phishing that gets users to click on links to malicious Web…
New NGate Android malware uses NFC chip to steal credit card data
A new Android malware named NGate can steal money from payment cards by relaying to an attacker's device the data…
National Public Data confirms breach exposing Social Security numbers
Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database with…
NationalPublicData.com Hack Exposes a Nation’s Data
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information…
Harris campaign’s altering headlines misdirects from other Google threats, professor says: ‘They don’t want us to look at them’
A liberal professor and researcher says that the revelation about the Harris campaign altering headlines in Google searches to influence…
Fake X content warnings on Ukraine war, earthquakes used as clickbait
X has always had a bot problem, but now scammers are utilizing the Ukraine war and earthquake warnings in Japan…