Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan
Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate a...
July 2023
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods
The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis ...
Sp123
31 Jul, 2023
AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) r...
Sp123
31 Jul, 2023
New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data
A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sens...
Sp123
29 Jul, 2023
Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack
Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has...
Sp123
29 Jul, 2023
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-com...
Sp123
28 Jul, 2023
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick...
Sp123
28 Jul, 2023
A Data Exfiltration Attack Scenario: The Porsche Experience
As part of Checkmarx's mission to help organizations develop and deploy secure software, the Security Research team started looking at t...
Sp123
28 Jul, 2023
Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required
Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest versio...
Sp123
28 Jul, 2023
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left
As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across...
Sp123
27 Jul, 2023
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining
Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet mal...
Sp123
27 Jul, 2023
New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days
The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize detail...
Sp123
27 Jul, 2023
Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks
A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, an o...
Sp123
26 Jul, 2023
The Alarming Rise of Infostealers: How to Detect this Silent Threat
A new study conducted by Uptycs has uncovered a stark increase in the distribution of information stealing (a.k.a. infostealer or stealer) m...
Sp123
26 Jul, 2023
Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets
A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infe...
Sp123
26 Jul, 2023
Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique
The financially motivated threat actors behind the Casbaneiro banking malware family have been observed making use of a User Account Control...
Sp123
25 Jul, 2023
How MDR Helps Solve the Cybersecurity Talent Gap
How do you overcome today's talent gap in cybersecurity? This is a crucial issue — particularly when you find executive leadership or th...
Sp123
25 Jul, 2023
macOS Under Attack: Examining the Growing Threat and User Perspectives
As the number of people using macOS keeps going up, so does the desire of hackers to take advantage of flaws in Apple's operating system...
Sp123
25 Jul, 2023
Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk
A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensiti...
Sp123
25 Jul, 2023
Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation
Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the l...
Sp123
25 Jul, 2023
Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch ...
Sp123
24 Jul, 2023
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection
Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromis...
Sp123
24 Jul, 2023
Banking Sector Targeted in Open-Source Software Supply Chain Attacks
Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically target...
Sp123
24 Jul, 2023
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software
A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as vi...
Sp123
21 Jul, 2023
Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities
A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment tec...
Sp123
21 Jul, 2023
DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks
Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in Ap...
Sp123
21 Jul, 2023
Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical se...
Sp123
21 Jul, 2023
Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities
Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by mali...
Sp123
20 Jul, 2023
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats
Microsoft on Wednesday announced that it's expanding cloud logging capabilities to help organizations investigate cybersecurity incident...
Sp123
20 Jul, 2023
Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware
The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called...
Sp123
19 Jul, 2023
Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation
Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors tamper with...
Sp123
19 Jul, 2023
Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground
Discover stories about threat actors’ latest tactics, techniques, and procedures from Cybersixgill’s threat experts each month. Each story b...
Sp123
18 Jul, 2023
Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware
Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on com...
Sp123
17 Jul, 2023
AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plain Text
All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in v...
Sp123
14 Jul, 2023
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries
A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70...
Sp123
14 Jul, 2023
Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation
Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A se...
Sp123
14 Jul, 2023
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland
Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns de...
Sp123
13 Jul, 2023
Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on...
Sp123
13 Jul, 2023
U.S. Government Agencies' Emails Compromised in China-Backed Cyber Attack
An unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Micros...
Sp123
13 Jul, 2023
New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products
SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software...
Sp123
13 Jul, 2023
Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack
Microsoft on Tuesday released updates to address a total of 130 new security flaws spanning its software, including six zero-day flaws that ...
Sp123
12 Jul, 2023
Global Retailers Must Keep an Eye on Their SaaS Stack
Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can agree on is the n...
Sp123
10 Jul, 2023
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing
Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as "Letscall." This techni...
Sp123
7 Jul, 2023
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software us...
Sp123
7 Jul, 2023
Mastodon Social Network Patches Critical Flaws Allowing Server Takeover
Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions ...
Sp123
7 Jul, 2023
Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks
Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting compani...
Sp123
7 Jul, 2023
Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics
Gcore Radar is a quarterly report prepared by Gcore that provides insights into the current state of the DDoS protection market and cybersec...
Sp123
6 Jul, 2023
Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets
In yet another sign of a lucrative crimeware-as-a-service (CaaS) ecosystem, cybersecurity researchers have discovered a new Windows-based in...
Sp123
3 Jul, 2023
Popular Posts
Archive
- Jun 2025 [62]
- May 2025 [87]
- Apr 2025 [76]
- Mar 2025 [83]
- Feb 2025 [71]
- Jan 2025 [81]
- Dec 2024 [82]
- Nov 2024 [77]
- Oct 2024 [75]
- Sept 2024 [85]
- Aug 2024 [85]
- Jul 2024 [73]
- Jun 2024 [76]
- May 2024 [81]
- Apr 2024 [77]
- Mar 2024 [61]
- Feb 2024 [72]
- Jan 2024 [84]
- Dec 2023 [73]
- Nov 2023 [74]
- Oct 2023 [115]
- Sept 2023 [136]
- Aug 2023 [134]
- Jul 2023 [48]
- Jun 2023 [15]