2+ hour ago  (524+ words) Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who…...

2+ day, 18+ hour ago  (430+ words) The Office of Inspector General (OIG) of the U. S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U. S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well…...

1+ week, 4+ day ago  (360+ words) A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency'sectors. The…...

1+ week, 2+ day ago  (586+ words) Threat actors are exploiting security flaws in TBK DVR and end'of'life (Eo L) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet Forti Guard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR…...

1+ week, 4+ day ago  (371+ words) N8n is a workflow automation platform that allows users to connect various web applications, APIs, and AI model services to sync data, build agentic systems, and run repetitive rule-based'tasks. Users can register for a developer account at no extra cost'to avail…...

1+ week, 5+ day ago  (557+ words) "Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real time," Italian online fraud prevention firm'Cleafy said. "Beyond traditional RAT behavior, Mirax enhances its operational value by turning infected devices'into residential…...

1+ week, 5+ day ago  (361+ words) Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and…...

1+ week, 6+ day ago  (743+ words) The U. S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit'called W3 LL to steal thousands of victims' account credentials and attempt more than…...

2+ week, 4+ day ago  (319+ words) Called Masjesu, the botnet has been advertised via Telegram as a DDo S-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range of Io T devices, such as routers and gateways, spanning multiple architectures. "Built for…...

2+ week, 5+ day ago  (806+ words) The Russia-linked threat actor known'as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure Mikro Tik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of…...