Author Archives: Ravie Lakshmanan

Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint.
The list of packages includes… Continue reading Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys→

A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns.
The activity cluster, attributed to a hacking group du… Continue reading State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks→

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums.
Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from ove… Continue reading New ‘Quantum’ Builder Lets Attackers Easily Create Malicious Windows Shortcuts→

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMw… Continue reading Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data→

The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region.
“We’re trying to do the right thing and that’s more than other compan… Continue reading NSO Confirms Pegasus Spyware Used by at least 5 European Countries→

A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign.
The novel loader, dubbed Nimbda, is “bundled w… Continue reading Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside→

QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it’s in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution.
“A vulnerability has been reported to a… Continue reading Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks→

A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data.
In a paper titled “MEGA: Mallea… Continue reading Researchers Uncover Ways to Break the Encryption of ‘MEGA’ Cloud Storage Service→

The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of a new set of spear-phishing attacks exploiting the “Follina” flaw in the Windows operating system to deploy password-stealing malware.
Attributing the intrusions to a Russian n… Continue reading Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine→

A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021.
To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — “scanalytic[… Continue reading Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign→