www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-10T21:06:47+00:00 www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
China-linked APT17 Targets Italian Companies with 9002 RAT Malware
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second
2024-07-17T14:17:00+00:00 https://thehackernews.com/2024/07/china-linked-apt17-targets-italian.html www.secnews.physaphae.fr/article.php?IdArticle=8538711 False Malware,Threat APT 17 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft.
It also has a history of
2024-07-17T11:20:00+00:00 https://thehackernews.com/2024/07/scattered-spider-adopts-ransomhub-and.html www.secnews.physaphae.fr/article.php?IdArticle=8538650 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are
2024-07-17T10:55:00+00:00 https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8538623 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Threat Prevention & Detection in SaaS Environments - 101
Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them. According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and
2024-07-16T16:30:00+00:00 https://thehackernews.com/2024/07/threat-prevention-detection-in-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8538131 False Threat,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer
An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-May 2024, the vulnerability – tracked as CVE-2024-38112 – was used as part of a multi-stage attack
2024-07-16T14:30:00+00:00 https://thehackernews.com/2024/07/void-banshee-apt-exploits-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8538070 False Vulnerability,Threat,Prediction None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool
A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source software]
2024-07-15T15:54:00+00:00 https://thehackernews.com/2024/07/crystalray-hackers-infect-over-1500.html www.secnews.physaphae.fr/article.php?IdArticle=8537474 False Tool,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
AT&T Confirms Data Breach Affecting Nearly All Wireless Customers
American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network. "Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated
2024-07-13T11:21:00+00:00 https://thehackernews.com/2024/07/at-confirms-data-breach-affecting.html www.secnews.physaphae.fr/article.php?IdArticle=8536176 False Data Breach,Threat,Mobile,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass
2024-07-12T16:21:00+00:00 https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8535649 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation
The U.S.
Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI to create fictitious social media profiles - often purporting to belong to individuals in the
2024-07-12T14:00:00+00:00 https://thehackernews.com/2024/07/us-seizes-domains-used-by-ai-powered.html www.secnews.physaphae.fr/article.php?IdArticle=8535563 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply
2024-07-11T20:36:00+00:00 https://thehackernews.com/2024/07/60-new-malicious-packages-uncovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8535089 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk
The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk.
The new variant of StealthVector – which is also referred to as DUSTPAN – has been codenamed DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in
2024-07-11T18:01:00+00:00 https://thehackernews.com/2024/07/chinese-apt41-upgrades-malware-arsenal.html www.secnews.physaphae.fr/article.php?IdArticle=8534993 False Malware,Threat APT 41 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Streamlined Security Solutions: PAM for Small to Medium-sized Businesses
Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers. However, this assumption is precarious, as cybercriminals frequently exploit
2024-07-11T16:30:00+00:00 https://thehackernews.com/2024/07/streamlined-security-solutions-pam-for.html www.secnews.physaphae.fr/article.php?IdArticle=8534956 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks
Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales.
It
2024-07-11T10:49:00+00:00 https://thehackernews.com/2024/07/php-vulnerability-exploited-to-spread.html www.secnews.physaphae.fr/article.php?IdArticle=8534774 False Malware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Ransomware Group Exploiting Veeam Backup Software Vulnerability
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities. Initial access to the target
2024-07-10T18:36:00+00:00 https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html www.secnews.physaphae.fr/article.php?IdArticle=8534322 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Smash-and-Grab Extortion
The Problem The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are: 53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days. More mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities.
2024-07-10T17:00:00+00:00 https://thehackernews.com/2024/07/smash-and-grab-extortion.html www.secnews.physaphae.fr/article.php?IdArticle=8534217 False Vulnerability,Threat,Studies None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint, and the attack
2024-07-09T15:35:00+00:00 https://thehackernews.com/2024/07/guardzoo-malware-targets-over-450.html www.secnews.physaphae.fr/article.php?IdArticle=8533410 False Malware,Tool,Threat,Mobile None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation
Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release. "APT 40 has previously targeted organizations in various countries, including
2024-07-09T11:26:00+00:00 https://thehackernews.com/2024/07/cybersecurity-agencies-warn-of-china.html www.secnews.physaphae.fr/article.php?IdArticle=8533291 False Threat APT 40 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories
Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack. "This attack stands out due to the high variability across packages," Phylum said in an analysis published last week. "The attacker has cleverly hidden the malware in the seldom-used 'end' function of
2024-07-09T10:18:00+00:00 https://thehackernews.com/2024/07/trojanized-jquery-packages-found-on-npm.html www.secnews.physaphae.fr/article.php?IdArticle=8533241 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New APT Group "CloudSorcerer" Targets Russian Government Entities
A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed
2024-07-08T21:12:00+00:00 https://thehackernews.com/2024/07/new-apt-group-cloudsorcerer-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8532915 False Threat,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks
The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use," cybersecurity firm Cybereason said in an analysis published last week. "While some of the particulars of GootLoader payloads have
2024-07-05T14:10:00+00:00 https://thehackernews.com/2024/07/gootloader-malware-delivers-new.html www.secnews.physaphae.fr/article.php?IdArticle=8531053 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Twilio's Authy App Breach Exposes Millions of Phone Numbers
Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests. The development comes days after an online persona named ShinyHunters
2024-07-04T09:07:00+00:00 https://thehackernews.com/2024/07/twilios-authy-app-breach-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8530308 False Threat,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool
Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S. "MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems," Fortinet FortiGuard
2024-07-03T15:23:00+00:00 https://thehackernews.com/2024/07/microsoft-mshtml-flaw-exploited-to.html www.secnews.physaphae.fr/article.php?IdArticle=8529806 False Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware
An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor or group, but noted that the tactics overlap with that of Andariel, a sub-cluster within the
2024-07-03T09:03:00+00:00 https://thehackernews.com/2024/07/south-korean-erp-vendors-server-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=8529674 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
How MFA Failures are Fueling a 500% Surge in Ransomware Losses
The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%.
Sophos, a global leader in cybersecurity, revealed in its annual "State of Ransomware 2024" report that the average ransom payment has increased 500% in the last year with organizations that paid a ransom reporting an average payment of $2 million, up from
2024-07-02T16:30:00+00:00 https://thehackernews.com/2024/07/how-mfa-failures-are-fueling-500-surge.html www.secnews.physaphae.fr/article.php?IdArticle=8529434 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected
2024-07-02T10:18:00+00:00 https://thehackernews.com/2024/07/chinese-hackers-exploiting-cisco.html www.secnews.physaphae.fr/article.php?IdArticle=8529384 False Malware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users
The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion targeting mobile gamers, weapons enthusiasts, and TikTok fans," SentinelOne security researcher Alex
2024-07-01T18:30:00+00:00 https://thehackernews.com/2024/07/caprarat-spyware-disguised-as-popular.html www.secnews.physaphae.fr/article.php?IdArticle=8529204 False Threat,Mobile,Prediction APT 36 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the extension TRANSLATEXT, highlighting its ability to gather email addresses, usernames,
2024-06-28T21:49:00+00:00 https://thehackernews.com/2024/06/kimsuky-using-translatext-chrome.html www.secnews.physaphae.fr/article.php?IdArticle=8527312 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms," Trend Micro researchers Ahmed
2024-06-28T17:29:00+00:00 https://thehackernews.com/2024/06/8220-gang-exploits-oracle-weblogic.html www.secnews.physaphae.fr/article.php?IdArticle=8527143 False Malware,Threat,Prediction None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors
The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security programs or adopted security tooling built for SaaS. Security teams keep jamming on-prem
2024-06-28T16:30:00+00:00 https://thehackernews.com/2024/06/combatting-evolving-saas-kill-chain-how.html www.secnews.physaphae.fr/article.php?IdArticle=8527144 False Threat,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates
2024-06-27T20:01:00+00:00 https://thehackernews.com/2024/06/rust-based-p2pinfect-botnet-evolves.html www.secnews.physaphae.fr/article.php?IdArticle=8526611 False Ransomware,Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean
2024-06-26T15:43:00+00:00 https://thehackernews.com/2024/06/chinese-and-n-korean-hackers-target.html www.secnews.physaphae.fr/article.php?IdArticle=8525921 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Attack Technique Exploits Microsoft Management Console Files
Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses.
Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact ("sccm-updater.msc") that was uploaded to the VirusTotal malware
2024-06-25T16:12:00+00:00 https://thehackernews.com/2024/06/new-attack-technique-exploits-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8525279 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks
A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. "The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries since at least 2022," Group-IB researchers Rustam Mirkasymov and Martijn van den Berk said in a
2024-06-25T15:00:00+00:00 https://thehackernews.com/2024/06/new-cyberthreat-boolka-deploying.html www.secnews.physaphae.fr/article.php?IdArticle=8525280 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Ease the Burden with AI-Driven Threat Intelligence Reporting
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.
Cybersecurity professionals are facing unprecedented challenges as they strive to manage increasing workloads
2024-06-24T16:51:00+00:00 https://thehackernews.com/2024/06/ease-burden-with-ai-driven-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8524601 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations
A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates Fuzhou, China, to support Beijing's intelligence
2024-06-24T13:19:00+00:00 https://thehackernews.com/2024/06/redjuliett-cyber-espionage-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8524508 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices
Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities
2024-06-24T10:34:00+00:00 https://thehackernews.com/2024/06/iranian-hackers-deploy-rafel-rat-in.html www.secnews.physaphae.fr/article.php?IdArticle=8524430 False Tool,Threat,Mobile None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are scanned documents of government agencies, most of which are related to various countries' Ministries
2024-06-21T19:12:00+00:00 https://thehackernews.com/2024/06/chinese-hackers-deploy-spicerat-and.html www.secnews.physaphae.fr/article.php?IdArticle=8522746 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Military-themed Email Scam Spreads Malware to Infect Pakistani Users
Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the unknown threat actors behind the activity have leveraged military-related phishing documents to activate the infection sequence. "While there are many methods used today to deploy malware, the threat actors
2024-06-21T18:31:00+00:00 https://thehackernews.com/2024/06/military-themed-emails-used-to-spread.html www.secnews.physaphae.fr/article.php?IdArticle=8522706 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021
Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News
2024-06-20T15:52:00+00:00 https://thehackernews.com/2024/06/chinese-cyber-espionage-targets-telecom.html www.secnews.physaphae.fr/article.php?IdArticle=8521794 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.
Details of the incident were shared by Kraken's Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it received a Bug Bounty program alert about a bug that "allowed them to]]> 2024-06-19T22:10:00+00:00 https://thehackernews.com/2024/06/kraken-crypto-exchange-hit-by-3-million.html www.secnews.physaphae.fr/article.php?IdArticle=8521232 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le groupe de cyber-espionnage chinois exploite Fortinet, Ivanti et VMware Zero-Days<br>Chinese Cyber Espionage Group Exploits Fortinet, Ivanti and VMware Zero-Days The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available]]> 2024-06-19T20:39:00+00:00 https://thehackernews.com/2024/06/chinese-cyber-espionage-group-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8521193 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Void Arachne utilise Deepfakes et AI pour livrer des VPN malveillants aux utilisateurs chinois<br>Void Arachne Uses Deepfakes and AI to Deliver Malicious VPNs to Chinese Users Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. 
"The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as]]> 2024-06-19T15:53:00+00:00 https://thehackernews.com/2024/06/void-arachne-uses-deepfakes-and-ai-to.html www.secnews.physaphae.fr/article.php?IdArticle=8521026 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) AVERTISSEMENT: l'escroquerie de Markopolo \\ ciblant les utilisateurs de crypto via un faux logiciel de réunion<br>Warning: Markopolo\\'s Scam Targeting Crypto Users via Fake Meeting Software A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys, StealC,]]> 2024-06-19T15:38:00+00:00 https://thehackernews.com/2024/06/warning-markopolos-scam-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8521027 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les cybercriminels exploitent des leurres logiciels libres pour déployer le chargeur de hivers et le voleur Vidar<br>Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. 
"Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.exe)," Trellix security]]> 2024-06-18T19:00:00+00:00 https://thehackernews.com/2024/06/cybercriminals-exploit-free-software.html www.secnews.physaphae.fr/article.php?IdArticle=8520463 False Malware,Threat,Commercial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates exploitent des sites Web légitimes pour livrer la porte dérobée des Windows Badspace<br>Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim\'s system," German]]> 2024-06-17T11:58:00+00:00 https://thehackernews.com/2024/06/hackers-exploit-legitimate-websites-to.html www.secnews.physaphae.fr/article.php?IdArticle=8519593 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Neuterat Malware cible les utilisateurs sud-coréens via un logiciel fissuré<br>NiceRAT Malware Targets South Korean Users via Cracked Software Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license verification for Microsoft Office. 
"Due to the nature of crack programs, information sharing amongst]]> 2024-06-17T10:41:00+00:00 https://thehackernews.com/2024/06/nicerat-malware-targets-south-korean.html www.secnews.physaphae.fr/article.php?IdArticle=8519566 False Malware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Grandoreiro Banking Trojan frappe le Brésil alors que les escroqueries shumsaient au Pakistan<br>Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group\'s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and SMS," Resecurity said in a report published earlier this week. "The goal is]]> 2024-06-15T15:21:00+00:00 https://thehackernews.com/2024/06/grandoreiro-banking-trojan-hits-brazil.html www.secnews.physaphae.fr/article.php?IdArticle=8518517 False Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates pakistanais utilisent des logiciels malveillants Disgomoji dans les cyberattaques du gouvernement indien<br>Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under the moniker UTA0137, noting the adversary\'s exclusive use of a malware called DISGOMOJI that\'s written in Golang and is designed to infect Linux systems. 
"It is a modified version of the public project]]> 2024-06-15T13:43:00+00:00 https://thehackernews.com/2024/06/pakistani-hackers-use-disgomoji-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8518492 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates nord-coréens ciblent la fintech brésilien avec des tactiques de phishing sophistiquées<br>North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country\'s emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian government and Brazil\'s aerospace, technology, and financial services sectors," Google\'s Mandiant and]]> 2024-06-14T12:15:00+00:00 https://thehackernews.com/2024/06/north-korean-hackers-target-brazilian.html www.secnews.physaphae.fr/article.php?IdArticle=8517782 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Arid Viper lance une campagne d'espionnage mobile avec des logiciels malveillants aridspy<br>Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a Palestinian Civil Registry app," ESET researcher Lukáš Štefanko said in a report published today. 
"Often]]> 2024-06-13T19:25:00+00:00 https://thehackernews.com/2024/06/arid-viper-launches-mobile-espionage.html www.secnews.physaphae.fr/article.php?IdArticle=8517163 False Malware,Threat,Mobile APT-C-23 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La campagne de logiciels malveillants liée au Pakistan évolue vers des cibles Windows, Android et MacOS<br>Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin. The]]> 2024-06-13T15:56:00+00:00 https://thehackernews.com/2024/06/pakistan-linked-malware-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8517165 False Malware,Tool,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google prévient la sécurité de la sécurité du micrologiciel Pixel exploitée comme zéro-jour<br>Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. 
The company did not share any additional details related to the nature of attacks exploiting it, but noted "there are indications that CVE-2024-32896 may be]]> 2024-06-13T12:38:00+00:00 https://thehackernews.com/2024/06/google-warns-of-pixel-firmware-security.html www.secnews.physaphae.fr/article.php?IdArticle=8517168 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouveau logiciel malveillant multiplateforme 'Noodle Rat' cible Windows et Linux Systems<br>New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara Hiroaki said "this backdoor is not merely a variant of existing malware, but is a new type altogether."]]> 2024-06-13T11:55:00+00:00 https://thehackernews.com/2024/06/new-cross-platform-malware-noodle-rat.html www.secnews.physaphae.fr/article.php?IdArticle=8517169 False Malware,Threat,Prediction None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La campagne de cryptojacking cible les grappes kubernetes mal configurées<br>Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023. 
"In this incident, the threat actor abused anonymous access to an]]> 2024-06-12T19:12:00+00:00 https://thehackernews.com/2024/06/cryptojacking-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8517170 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le ransomware Black Basta a peut-être exploité une faille MS Windows Zero-Day<br>Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve]]> 2024-06-12T16:41:00+00:00 https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html www.secnews.physaphae.fr/article.php?IdArticle=8517172 False Ransomware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates soutenus en Chine exploitent Fortinet Flaw, infectant 20 000 systèmes à l'échelle mondiale<br>China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. 
"The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed the]]> 2024-06-12T13:36:00+00:00 https://thehackernews.com/2024/06/china-backed-hackers-exploit-fortinet.html www.secnews.physaphae.fr/article.php?IdArticle=8517174 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ARM avertit la vulnérabilité activement exploitée zéro-jour dans les chauffeurs du Mali GPU<br>Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the following products - Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) Valhall GPU Kernel Driver (all versions from r34p0 to r40p0) "A local non-privileged user can make improper GPU memory]]> 2024-06-11T12:07:00+00:00 https://thehackernews.com/2024/06/arm-warns-of-actively-exploited-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8517182 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google élimine les campagnes d'influence liées à la Chine, en Indonésie et en Russie<br>Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People\'s Republic of China (PRC). "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. 
foreign affairs," Google Threat Analysis Group (TAG) researcher Billy Leonard said in the company's quarterly bulletin]]> 2024-06-10T16:30:00+00:00 https://thehackernews.com/2024/06/google-takes-down-influence-campaigns.html www.secnews.physaphae.fr/article.php?IdArticle=8516276 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le loup-garou collant élargit les cibles cyberattaques en Russie et au Bélarus<br>Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus. The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and vaccine development, and the aviation sector, expanding beyond their initial focus of government]]> 2024-06-10T10:59:00+00:00 https://thehackernews.com/2024/06/sticky-werewolf-expands-cyber-attack.html www.secnews.physaphae.fr/article.php?IdArticle=8516123 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Spectr malware cible les forces de défense de l'Ukraine dans la campagne SickSync<br>SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. 
The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020, which is also called Vermin and is assessed to be associated with security agencies of the Luhansk]]> 2024-06-07T12:43:00+00:00 https://thehackernews.com/2024/06/spectr-malware-targets-ukraine-defense.html www.secnews.physaphae.fr/article.php?IdArticle=8514542 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Commando Cat Cryptojacking Attacks Target Docker les instances Docker mal configurées<br>Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. "The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their own command-and-control (C&C) infrastructure," Trend Micro researchers Sunil Bharti and Shubham]]> 2024-06-07T10:40:00+00:00 https://thehackernews.com/2024/06/commando-cat-cryptojacking-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8514493 False Threat,Prediction None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Muhstik botnet exploitant Apache Rocketmq Flaw pour étendre les attaques DDOS<br>Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale. 
"Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize them for cryptocurrency mining and launching Distributed Denial]]> 2024-06-06T18:44:00+00:00 https://thehackernews.com/2024/06/muhstik-botnet-exploiting-apache.html www.secnews.physaphae.fr/article.php?IdArticle=8514147 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cyber ​​attaques tierces: la menace que personne ne voit venir & # 8211;Ici \\ est comment les arrêter<br>Third-Party Cyber Attacks: The Threat No One Sees Coming – Here\\'s How to Stop Them Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill\'s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  In an increasingly interconnected world, supply chain attacks have emerged as a formidable threat, compromising]]> 2024-06-06T17:00:00+00:00 https://thehackernews.com/2024/06/third-party-cyber-attacks-threat-no-one.html www.secnews.physaphae.fr/article.php?IdArticle=8514089 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Empêcher la prise de contrôle du compte avec une meilleure sécurité de mot de passe<br>Prevent Account Takeover with Better Password Security Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. He\'s memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put it up for sale on the dark web. 
Now threat actors are working]]> 2024-06-06T15:25:00+00:00 https://thehackernews.com/2024/06/prevent-account-takeover-with-better.html www.secnews.physaphae.fr/article.php?IdArticle=8514039 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates exploitent le logiciel Packer légitime pour répandre les logiciels malveillants non détectés<br>Hackers Exploit Legitimate Packer Software to Spread Malware Undetected Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. "The majority of the attributed malicious samples targeted financial institutions and government industries," Check Point security researcher Jiri Vinopal said in an analysis. The volume of]]> 2024-06-06T15:24:00+00:00 https://thehackernews.com/2024/06/hackers-exploit-legitimate-packer.html www.secnews.physaphae.fr/article.php?IdArticle=8514040 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Déballage des prédictions de la menace SaaS de 2024<br>Unpacking 2024's SaaS Threat Predictions Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of]]> 2024-06-05T16:30:00+00:00 https://thehackernews.com/2024/06/unpacking-2024s-saas-threat-predictions.html www.secnews.physaphae.fr/article.php?IdArticle=8513617 False Threat,Studies,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Les comptes de célébrités Tiktok compromis en utilisant des attaques zéro-clic via DMS<br>Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows malware propagated via direct messages to compromise brand and celebrity accounts without having to]]> 2024-06-05T11:52:00+00:00 https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html www.secnews.physaphae.fr/article.php?IdArticle=8513481 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les compagnies d'électricité russes, les entreprises informatiques et les agences gouvernementales frappées par leur trojan pour chiens leurres<br>Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called HellHounds. "The Hellhounds group compromises organizations they select and]]> 2024-06-04T21:03:00+00:00 https://thehackernews.com/2024/06/russian-power-companies-it-firms-and.html www.secnews.physaphae.fr/article.php?IdArticle=8513101 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Darkgate Malware remplace Autoit par AutoHotKey dans les dernières cyberattaques<br>DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates have been observed in version 6 of DarkGate released in March 2024 by its developer RastaFarEye, who]]> 2024-06-04T12:03:00+00:00 https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html www.secnews.physaphae.fr/article.php?IdArticle=8512816 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Rapport sur la menace SASE: 8 conclusions clés pour la sécurité des entreprises<br>SASE Threat Report: 8 Key Findings for Enterprise Security Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the enterprise. Cato's Cyber Threat Research Lab (Cato CTRL, see more details below) has recently released]]> 2024-06-03T16:26:00+00:00 https://thehackernews.com/2024/06/sase-threat-report-8-key-findings-for.html www.secnews.physaphae.fr/article.php?IdArticle=8512362 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Les pirates Andariel ciblent les instituts sud-coréens avec un nouveau logiciel malveillant Dora Rat<br>Andariel Hackers Target South Korean Institutes with New Dora RAT Malware The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the backdoor were utilized for the attacks," the AhnLab Security Intelligence Center (ASEC) said in a report]]> 2024-06-03T13:04:00+00:00 https://thehackernews.com/2024/06/andariel-hackers-target-south-korean.html www.secnews.physaphae.fr/article.php?IdArticle=8512269 False Malware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft met en garde contre la surtension des cyberattaques ciblant les appareils OT exposés à Internet<br>Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets," the Microsoft Threat Intelligence team said.]]> 2024-05-31T19:12:00+00:00 https://thehackernews.com/2024/05/microsoft-warns-of-surge-in-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8510649 False Threat,Industrial None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Au-delà de la détection des menaces – Une course à la sécurité numérique<br>Beyond Threat Detection – A Race to Digital Security Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created an expansive attack surface and has made 'digital content' the preferred carrier for cybercriminals]]> 2024-05-31T16:30:00+00:00 https://thehackernews.com/2024/05/beyond-threat-detection-race-to-digital.html www.secnews.physaphae.fr/article.php?IdArticle=8510578 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates russes ciblent l'Europe avec des logiciels malveillants de tête et la récolte d'identification<br>Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422, is an advanced persistent threat (APT) group affiliated with]]> 2024-05-31T15:40:00+00:00 https://thehackernews.com/2024/05/russian-hackers-target-europe-with.html www.secnews.physaphae.fr/article.php?IdArticle=8510552 False Malware,Threat APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Flyetyeti exploite la vulnérabilité Winrar pour livrer des logiciels malveillants de boîte de cuisine en Ukraine<br>FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine Cloudflare on Thursday said it took steps to disrupt a month-long phishing campaign orchestrated by a Russia-aligned threat actor called FlyingYeti targeting Ukraine. "The FlyingYeti campaign capitalized on anxiety over the potential loss of access to housing and utilities by enticing targets to open malicious files via debt-themed lures," Cloudflare's threat intelligence team Cloudforce One]]> 2024-05-30T22:07:00+00:00 https://thehackernews.com/2024/05/flyingyeti-exploits-winrar.html www.secnews.physaphae.fr/article.php?IdArticle=8510149 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Alerte de cyber-espionnage: les lilas qui les ciblent, l'énergie et les secteurs pharmaceutiques<br>Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. "The campaign is geared toward establishing long-term access to compromised victim organizations to enable LilacSquid to siphon data of interest to]]> 2024-05-30T20:56:00+00:00 https://thehackernews.com/2024/05/cyber-espionage-alert-lilacsquid.html www.secnews.physaphae.fr/article.php?IdArticle=8510090 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Redtail Crypto-Exhimin Maleware exploitant Palo Alto Networks Vulnérabilité du pare-feu<br>RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to its exploit arsenal. The addition of the PAN-OS vulnerability to its toolkit has been complemented by updates to the malware, which now incorporates new anti-analysis techniques, according to findings from web infrastructure and security]]> 2024-05-30T19:54:00+00:00 https://thehackernews.com/2024/05/redtail-crypto-mining-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8510056 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les chercheurs découvrent l'exploitation active des vulnérabilités du plugin WordPress<br>Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts for follow-on exploitation. "These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization]]> 2024-05-30T19:19:00+00:00 https://thehackernews.com/2024/05/researchers-uncover-active-exploitation.html www.secnews.physaphae.fr/article.php?IdArticle=8510057 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les États-Unis démontent le plus grand botnet 911 S5 de World, avec 19 millions d'appareils infectés<br>U.S. Dismantles World's Largest 911 S5 Botnet, with 19 Million Infected Devices The U.S. 
Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global footprint spanning more than 190 countries, functioned as a residential proxy service known as 911 S5.
2024-05-30T14:25:00+00:00 https://thehackernews.com/2024/05/us-dismantles-worlds-largest-911-s5.html www.secnews.physaphae.fr/article.php?IdArticle=8509910 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers," the Identity and access management (IAM) services provider said. The
2024-05-30T12:22:00+00:00 https://thehackernews.com/2024/05/okta-warns-of-credential-stuffing.html www.secnews.physaphae.fr/article.php?IdArticle=8509848 False Threat,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Check Point Warns of Zero-Day Attacks on its VPN Gateway Products
Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. "The vulnerability potentially allows an attacker to read certain information on
2024-05-29T20:46:00+00:00 https://thehackernews.com/2024/05/check-point-warns-of-zero-day-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8509387 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Microsoft Uncovers 'Moonstone Sleet' - New North Korean Hacker Group
A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. "Moonstone Sleet is observed to set up fake companies and
2024-05-29T16:05:00+00:00 https://thehackernews.com/2024/05/microsoft-uncovers-moonstone-sleet-new.html www.secnews.physaphae.fr/article.php?IdArticle=8509208 False Ransomware,Malware,Threat,Industrial APT 38 2.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique
The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples have used a large number of known vulnerabilities to deliver samples," the QiAnXin XLab team
2024-05-28T15:45:00+00:00 https://thehackernews.com/2024/05/researchers-warn-of-catddos-botnet-and.html www.secnews.physaphae.fr/article.php?IdArticle=8508458 False Malware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called Dessky Snippets, which allows users to add custom PHP code. It has over 200 active installations.
2024-05-28T12:00:00+00:00 https://thehackernews.com/2024/05/wordpress-plugin-exploited-to-steal.html www.secnews.physaphae.fr/article.php?IdArticle=8508327 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data
Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all Replicate's platform customers,"
2024-05-25T14:41:00+00:00 https://thehackernews.com/2024/05/experts-find-flaw-in-replicate-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8506643 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack
The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access," MITRE
2024-05-24T22:00:00+00:00 https://thehackernews.com/2024/05/hackers-created-rogue-vms-to-evade.html www.secnews.physaphae.fr/article.php?IdArticle=8506215 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Fake Antivirus Websites Deliver Malware to Android and Windows Devices
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices
2024-05-24T18:20:00+00:00 https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8506136 False Malware,Threat,Mobile None 2.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
How Do Hackers Blend In So Well? Learn Their Tricks in This Expert Webinar
Don't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day. Join our FREE webinar "Navigating the SMB Threat Landscape: Key Insights from Huntress' Threat Report," in which Jamie Levy - Director of Adversary Tactics at Huntress, a renowned
2024-05-24T17:19:00+00:00 https://thehackernews.com/2024/05/how-do-hackers-blend-in-so-well-learn.html www.secnews.physaphae.fr/article.php?IdArticle=8506072 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Google Detects 4th Chrome Zero-Day in May Actively Under Attack - Update ASAP
Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine.
It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of
2024-05-24T15:40:00+00:00 https://thehackernews.com/2024/05/google-detects-4th-chrome-zero-day-in.html www.secnews.physaphae.fr/article.php?IdArticle=8506074 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern
Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware deployed. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,"
2024-05-23T22:33:00+00:00 https://thehackernews.com/2024/05/ransomware-attacks-exploit-vmware-esxi.html www.secnews.physaphae.fr/article.php?IdArticle=8505590 False Ransomware,Malware,Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts
The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. "The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools," Check Point
2024-05-23T19:20:00+00:00 https://thehackernews.com/2024/05/new-frontiers-old-tactics-chinese-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8505502 False Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed
Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor's activity reveals long-term espionage operations against at least seven governmental entities," Palo Alto Networks
2024-05-23T16:44:00+00:00 https://thehackernews.com/2024/05/inside-operation-diplomatic-specter.html www.secnews.physaphae.fr/article.php?IdArticle=8505403 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries
Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets, Bitdefender said in a report shared with The Hacker News. "The investigation revealed a troubling
2024-05-22T19:45:00+00:00 https://thehackernews.com/2024/05/researchers-warn-of-chinese-aligned.html www.secnews.physaphae.fr/article.php?IdArticle=8504840 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, banks, IT companies, and educational institutions. The first-ever compromise dates back to 2021. "This
2024-05-22T13:11:00+00:00 https://thehackernews.com/2024/05/ms-exchange-server-flaws-exploited-to.html www.secnews.physaphae.fr/article.php?IdArticle=8504569 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure
The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered infrastructure, which consists of at least two clusters: a primary one for active operations and a secondary one likely
2024-05-21T18:37:00+00:00 https://thehackernews.com/2024/05/solarmarker-malware-evolves-to-resist.html www.secnews.physaphae.fr/article.php?IdArticle=8504065 False Malware,Threat,Legislation None 2.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Five Core Tenets Of Highly Effective DevSecOps Practices
One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today's cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain and the urgency for software-producing organizations to adopt DevSecOps practices that deeply
2024-05-21T17:03:00+00:00 https://thehackernews.com/2024/05/five-core-tenets-of-highly-effective.html www.secnews.physaphae.fr/article.php?IdArticle=8504002 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If exploited, it could allow attackers to execute arbitrary code on your system,
2024-05-21T15:52:00+00:00 https://thehackernews.com/2024/05/researchers-uncover-flaws-in-python.html www.secnews.physaphae.fr/article.php?IdArticle=8503971 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel
An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under the moniker Void Manticore, which is also known as Storm-0842 (formerly DEV-0842) by
2024-05-20T21:35:00+00:00 https://thehackernews.com/2024/05/iranian-mois-linked-hackers-behind.html www.secnews.physaphae.fr/article.php?IdArticle=8503509 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal
Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands," Check Point said in a technical report. "This exploit has been used by multiple
2024-05-20T17:50:00+00:00 https://thehackernews.com/2024/05/foxit-pdf-reader-flaw-exploited-by.html www.secnews.physaphae.fr/article.php?IdArticle=8503379 False Malware,Threat,Technical None 2.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware
A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro. "The presence of multiple malware variants suggests a broad cross-platform targeting
2024-05-20T14:56:00+00:00 https://thehackernews.com/2024/05/cyber-criminals-exploit-github-and.html www.secnews.physaphae.fr/article.php?IdArticle=8503323 False Malware,Threat None 2.0000000000000000