A security researcher said he discovered millions of Chinese citizen identity numbers spilling online after an e-commerce store left its database exposed to the internet. Viktor Markopoulos, a security researcher working for CloudDefense.ai, said he found the database belonging to Zhefengle, a China-based e-commerce store for importing goods from overseas. The database contained more than […]
Estimated reading time: 13 minutes SEQRITE Labs APT-Team has discovered multiple campaigns of APT SideCopy, targeting Indian government and defense entities in the past few months. The threat group is now exploiting the recent WinRAR vulnerability CVE-2023-38831 (See our advisory for more details) to deploy AllaKore RAT, DRat and additional payloads. The compromised domains, used […]
The company discovered suspicious activity in employee email accounts in January 2023 and determined that the breach occurred between December 2022 and January 2023. The stolen data includes names, SSNs, and financial account information.
Nov 03, 2023NewsroomSoftware Security / Malware A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. “These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install,” software supply chain security firm […]
ReversingLabs has identified connections between a malicious campaign that was recently discovered and reported by the firm Phylum and several hundred malicious packages published to the NuGet package manager since the beginning of August. The latest discoveries are evidence of what seems to be an ongoing and coordinated campaign. Furthermore, ReversingLabs research shows how malicious […]
A security researcher has discovered two vulnerabilities in Wyze Cam v3 firmware and released a proof-of-concept exploit that can be used to gain remote code execution and take over vulnerable devices.
Security researchers have discovered what they believe may be a government attempt to covertly wiretap an instant messaging service in Germany — an attempt that was blown because the potential intercepting authorities failed to reissue a TLS certificate. The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received […]
Researchers have discovered possible signs of cooperation between the Palestinian militant organization Hamas and one of the longest-running groups of Arabic-speaking hackers. According to a report published Thursday by researchers at Recorded Future, Hamas has allegedly turned to operators outside Gaza and “third parties” to keep a news website linked to its military wing, Al-Qassam […]
The time between a vulnerability being discovered and hackers exploiting it is narrower than ever – just 12 days. So it makes sense that organizations are starting to recognize the importance of not leaving long gaps between their scans, and the term “continuous vulnerability scanning” is becoming more popular. Hackers won’t wait for your next […]