Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Keep Job Scams From Hurting Your Organization

From fake job listings that ding your reputation to fake job applicants who hack your network, job scams are a major threat.

DARKReading
Open in Source
#web#mac#git#intel#sap
Why Malware Crypting Services Deserve More Scrutiny

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or "crypt" your malware so that it appears benign to antivirus and security products. In fact, the process of "crypting" malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Emerging Ransomware Group 8Base Doxxes SMBs Globally

A threat you've never heard of is using double extortion attacks on mom-and-pop shops around the globe.

ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks

The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. "The threat actor sent their commands through the Golang backdoor that is using the Ably service," the AhnLab Security Emergency response Center (

WordPress BookIt 2.3.7 Authentication Bypass

WordPress BookIt plugin versions 2.3.7 and below suffer from an authentication bypass vulnerability.

Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor

Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets included a government finance department and a corporation that markets products in the Americas as

Alert! Hackers Exploiting Critical Vulnerability in VMware's Aria Operations Networks

VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution. It impacts VMware

Cymulate Announces Security Analytics for Continuous Threat Exposure Management

New product provides customers with an attacker's view of their cyber resilience aligned to business context.

Netskope Enables Secure Enterprise Use of ChatGPT and Generative AI Applications

ChatGPT usage growing 25% monthly in enterprises, prompting key decisions to block or enable based on security, productivity concerns.

100K+ Infected Devices Leak ChatGPT Accounts to the Dark Web

Infostealers are as alive as ever, wantonly sweeping up whatever business data might be of use to cybercriminals, including OpenAI credentials.