Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May...
Fake Trading Apps Target Victims Globally via Apple App Store and Google Play
A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to...
China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration
A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia.Slovak cybersecurity firm ESET, which...
Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals
A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under...
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to...
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability...
5 Must-Have Tools for Effective Dynamic Malware Analysis
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment...
Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations
Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a...
Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw
Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration.Enterprise security firm Proofpoint said it began...
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management...