Background check, drug testing provider DISA suffers data breach

DISA Global Solutions, a Texas-based company that provides employment screening services (including drug and alcohol testing and background checks) for over 55,000 organizations, has suffered a cyber incident that led to a data breach, which resulted i…

China-based Silver Fox spoofs healthcare app to deliver malware

Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising the malware as a legitimate healthcare app (the Philips DICOM viewer), a Window…

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploi…

PRevent: Open-source tool to detect malicious code in pull requests

Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and…

Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand

A new, improved version of Darcula, a cat-themed phishing-as-a-service (PhaaS) platform aimed at serving Chinese-speaking criminals, will be released this month and will allow malicious users to create customized phishing kits to target a wider variety…

Attackers are chaining flaws to breach Palo Alto Networks firewalls

Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ firewalls, are ramping up. “GreyNoise now sees 25 malicious IPs actively e…

BlackLock ransomware onslaught: What to expect and how to fight it

BlackLock is on track to become the most active ransomware-as-a-service (RaaS) outfit in 2025, according to ReliaQuest. Its success is primarily due to its unusually active presence and good reputation on the ransomware-focused Russian-language forum…

The XCSSET info-stealing malware is back, targeting macOS users and devs

A new, improved variant of the XCSSET macOS malware has been spotted “in limited attacks” by Microsoft’s threat researchers. XCSSET is information-stealing and backdoor-injecting malware targeting Mac users. It…