News
Expired domain leads to supply chain attack on node-ipc npm package
1+ hour, 35+ min ago (808+ words) A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers managed to register in order to hijack a…...
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
2+ hour, 44+ min ago (767+ words) A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. "Because it's already being exploited in the wild, this isn't a "patch next…...
Flower Storm phishing gang adopts virtual-machine obfuscation to evade email defenses
1+ day, 9+ hour ago (563+ words) A widely active phishing-as-a-service (PhaaS) operation known as Flower Storm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an escalation in phishing-kit sophistication that could make attacks harder for traditional email…...
Google discovers AI-based zero-day exploit for the first time
2+ day, 14+ hour ago (14+ words) That cybercrooks use AI is nothing new. The exploit identified by Google, however, is....
cPanel flaw exposes enterprises to hosting supply-chain risks
3+ day, 12+ hour ago (600+ words) A newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains. The flaw, tracked…...
LinkedIn illegally blocking free accounts from seeing 'who's viewed your profile' data, group alleges
1+ week, 1+ day ago (98+ words) Paid subscribers are given access as a perk, while unpaid users are refused access in the EU on data protection grounds....
VoidProxy phishing-as-a-service operation steals Microsoft, Google login credentials
2+ week, 1+ day ago (916+ words) Identity and access management provider Okta has discovered what it says is a novel phishing-as-a-service (PhaaS) operation that, if victims fall for an infected email, may get around the user account protections from third-party single sign-on providers to steal Microsoft…...
Attackers bring their own passwords to Cisco and Palo Alto VPNs
2+ week, 1+ day ago (417+ words) Over just two days in mid-December, attackers launched large-scale automated login attempts against Cisco's SSL VPN and Palo Alto Networks' GlobalProtect services. A GreyNoise analysis noted that the campaign does not exploit software bugs, but instead relies on…...
Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
3+ week, 6+ day ago (335+ words) Seemingly harmless Chrome extensions aimed at improving browser privacy and analytics could be inadvertently leaking API keys, secrets, and other sensitive machine information. According to Symantec research, several widely used Chrome extensions, including DualSafe Password Manager and Avast…...
Europol shutters 27 DDoS sites in major crackdown
1+ mon, 12+ hour ago (199+ words) Europol has announced that it has carried out a major crackdown on cybercriminal actors in cooperation with the police authorities in 15 countries as part of an ongoing international crackdown known as PowerOFF. Included in the effort are the Australian Federal Police,…...