Author Archives: Ravie Lakshmanan

Malicious actors can gain unauthorized access to users’ online accounts via a new technique called “account pre-hijacking,” latest research has found.
The attack takes aim at the account creation process that’s ubiquitous in websites and other online … Continue reading Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them→

An unknown advanced persistent threat (APT) group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022.
“The campaigns […] are designed to implan… Continue reading Researchers Find New Malware Attacks Targeting Russian Government Entities→

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and ex… Continue reading New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message→

Cybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma.
“Though Chaos ransomware builder has only been in the wild for a year, Yashma claims to be the sixth version (v6.0) of this malware,” B… Continue reading New Chaos Ransomware Builder Variant “Yashma” Discovered in the Wild→

Two trojanized Python and PHP packages have been uncovered in what’s yet another instance of a software supply chain attack targeting the open source ecosystem.
One of the packages in question is “ctx,” a Python module available in the PyPi repository… Continue reading Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys→

Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down its attack infrastructure in favor of migrating their malicious cyber activities to other ancillary operations, inclu… Continue reading Conti Ransomware Operation Shut Down After Splitting into Smaller Groups→

Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection.
“It’s a shift from earlier tactics where attackers conspicuously injected mal… Continue reading Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code→

A security researcher claims to have discovered an unpatched vulnerability in PayPal’s money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click.
Clickjacking, als… Continue reading New Unpatched Bug Could Let Attackers Steal Money from PayPal Users→

Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research.
“Fronton is a system developed for coordinated inauthentic behavior on a massive scale,” t… Continue reading Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns→

At least two research institutes located in Russia and a third likely target in Belarus have been at the receiving end of an espionage attack by a Chinese nation-state advanced persistent threat (APT).
The attacks, codenamed “Twisted Panda,” come in t… Continue reading Chinese “Twisted Panda” Hackers Caught Spying on Russian Defense Institutes→