Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. “These samples enhance Sparkling Pisces’ already […]
Splinter, a new post-exploitation tool, has emerged as a threat: attackers are using it to execute commands, steal files, and download additional malware onto victims’ systems.
A critical vulnerability has been identified in Proxmox Virtual Environment (VE) and Proxmox Mail Gateway (PMG) that could allow unauthorized access to sensitive files and potentially lead to a full system compromise.
Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don’t have the time – […]
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection […]
A flaw identified as CVE-2024-9014, carrying a CVSS score of 9.9, could allow attackers to compromise user data through the OAuth2 authentication mechanism.
RecordStealer, also known as RecordBreaker and Raccoon Stealer V2, is a persistent threat that steals sensitive information like credit card data, passwords, and cryptocurrency wallets.
Two critical vulnerabilities have been discovered in Proroute H685t-w 4G routers: a command injection flaw (CVE-2024-45682) allowing complete system takeover and a cross-site scripting vulnerability (CVE-2024-38380) enabling account hijacking.
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant. “Between late 2022 to present, SloppyLemming