Major open-source software projects are warning that more pieces of code than XZ Utils may have been backdoored by attackers, based on ongoing supply-chain attack attempts that have targeted "popular JavaScript projects," apparently seeking to trick them into sharing code maintainer rights.
North Korean hackers with an affinity for establishing rapport with targets via social engineering and email are getting smarter about bypassing anti-spam protections and using tracking pixels, say researchers. The group, codenamed Kimsuky, has been operational since 2012.
Cybercriminals launched 7.78 million attacks against U.K. businesses and nearly 1 million against charity organizations, according to the latest U.K. government survey report. But fewer than half of those firms reported the incidents to authorities, something researchers say is a concerning trend.
A new study published by researchers from the universities of Oxford and New South Wales ranks Russia at the top of a global list of cybercrime hot spots and says Ukraine, China, the United States, Nigeria and Romania are home to a majority of global cybercriminal activity.
Security researchers are warning about a relatively new malware called Latrodectus, believed to be an evolutionary successor to the IcedID loader. It has been detected in malicious email campaigns since November 2023, and recent enhancements make it harder to detect and mitigate.
German federal agencies warned that phishing attacks targeting political parties surged ahead of upcoming European Union elections. The government did not attribute the attacks to a specific country but confirmed that they are tied to a nation-state group.
Threat actors are sending SMS texts to trick banking customers into downloading new and improved Vultur banking malware that interacts with infected devices and alters files. Vultur typically misuses legitimate applications, enabling remote access to the VNC server on targeted devices.
Federal regulators are sounding an alarm to warn healthcare sector entities of cyberattacks involving a tried-and-true hacking method - credential harvesting, which can be used to compromise patient data, disrupt healthcare operations and enable other crimes.
Iran-aligned threat actor TA450, also called MuddyWater, is using fake salary, compensation and financial incentive emails to trick Israeli employees at multinational organizations into clicking malicious links, according to researchers at security firm Proofpoint.
A Russian hacking group is targeting German political parties as part of a Moscow-backed espionage campaign. The latest APT29 campaign marks the first time the group has been seen targeting political organizations, according to researchers at Mandiant.
Threat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to facilitate the delivery of malicious files through SVG or HTML files.
Phishing attacks continue to adapt to exploit popular apps. While many phishing campaigns have focused on mobile banking and payment sites, attackers are also targeting widely used but lower-profile, cloud-based utilities such as the ubiquitous Dropbox storage platform.
Election campaigners Michael Blake and Cynthia Wallace discuss the need for accurate information and community involvement to protect electoral integrity and empower underrepresented voters. Strategies for countering misinformation range from sourcing internet posts to hosting barbershop meetings.
A new phishing campaign is targeting victims through mobile devices by mirroring legitimate login pages for the Federal Communications Commission and large cryptocurrency platforms including Binance and Coinbase. At least 100 victims, including crypto company employees, have fallen for the scam.
North Korean espionage group TA406, aka the Konni Group, deployed information-stealing malware on a Russian government-owned software to spy on the country's foreign ministry officials. This is the latest attack in a North Korean campaign that targets Russian diplomatic activities.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.