Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Lazarus Group Exploits Chrome Zero-Day in Latest Campaign

The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.

DARKReading
Open in Source
#vulnerability#web#mac#google#git#backdoor#auth#zero_day#chrome
New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection

New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Only part of this gang was arrested: the remaining operators behind Grandoreiro continue attacking users all over the

Bumblebee Malware Is Buzzing Back to Life

Despite a law enforcement sweep last May, the sophisticated downloader malware is re-emerging.

The Global Surveillance Free-for-All in Mobile Ad Data

Not long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.

Highlighting TA866/Asylum Ambuscade Activity Since 2021

TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets under their control. "Attempts were made to disguise the Golang ransomware as the notorious LockBit ransomware," Trend Micro researchers Jaromir Horejsi and Nitesh Surana said. "However, such is

Fake CAPTCHA Pages Used by Lumma Stealer to Spread Fileless Malware

Lumma Stealer malware uses fake CAPTCHA to deceive victims. This information-stealing malware targets sensitive data like passwords and…

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the

Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers

GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.

Tricky CAPTCHA Caught Dropping Lumma Stealer Malware

The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.