A recent Facebook malvertising campaign exploited Meta’s advertising platform to distribute malware disguised as a Bitwarden security update. Cybersecurity researchers at Bitdefender revealed that the campaign targeted business accounts, tricking users into installing malicious Chrome extensions.
Read MoreMicrosoft’s November 2024 Patch Tuesday update addresses 91 security vulnerabilities, including four zero-day flaws, with two actively exploited in the wild.
Read MoreA self-described "data vigilante" known as Nam3L3ss has leaked nearly 8 million employee records from 27 major companies, including Amazon, 3M, HP, and Delta, exploiting the MOVEit vulnerability.
Read MoreCybersecurity researchers at Socket Security have discovered a malicious Python package called "Fabrice" on PyPI, which has been covertly stealing AWS credentials from developers for three years.
Read MoreThe Androxgh0st botnet, which initially targeted web servers, has evolved by integrating components from the Mozi botnet, a notorious malware that primarily infects IoT devices. According to CloudSEK researchers, this integration allows Androxgh0st to expand its reach, leveraging Mozi’s payloads and propagation mechanisms to infect a wider array of IoT devices.
Read MoreCybercriminals are leveraging DocuSign’s APIs to send realistic phishing invoices that evade spam filters by appearing to originate from legitimate DocuSign accounts. This technique allows attackers to target users with fake invoices from trusted platforms like Norton, increasing the risk of deception. Security researchers at Wallarm warn that this method capitalizes on the credibility of DocuSign to bypass detection.
Read MoreHackers allege they accessed Nokia’s internal systems through a third-party contractor, stealing sensitive data, including SSH keys and source code. The data is reportedly listed for $20,000 on BreachForums, with the hacker insisting that no customer information was compromised. Nokia has yet to address these claims.
Read More