Search Results For: attackers
If you're like me, you spend part of your morning sifting through your inbox to separate the important stuff from the deluge of junk mail that fills it up each and every day (including Gmail accounts, despite Google's best efforts). Even with spam controls in place, it doesn't take much for an email address to become...
Read more...
A newly disclosed Secure Boot vulnerability is putting a large number of PCs at risk of bootkit attacks, with security researchers urging immediate patching. The flaw, tracked as CVE-2025-3052, was uncovered by Binarly Research and involves a signed UEFI module that allows attackers to bypass or disable Secure...
Read more...
A few weeks ago, we reported on Google adding a privacy feature that helps users remove personal information from search engines. To further protect users' personal information, Google has patched a vulnerability that allows attackers to bypass key security features and steal Google users' phone numbers.
To...
Read more...
A new variant of the BADBOX malware campaign has taken root in over a million Android-based devices worldwide, and if youve picked up a cheap smart TV box or projector off Amazon or AliExpress lately, you might be part of the problem. BADBOX 2.0 is a sprawling botnet targeting Android Open Source Project (AOSP)...
Read more...
Crocodilus, a relatively new banking trojan targeting Android devices, is continuing to evolve since it was first spotted back in March by the Mobile Threat Intelligence team at Threat Fabric. The improvements aim to make the malware harder to detect alongside adding new features. Additionally, the threat actors that...
Read more...
Heads up if you have an Asus router in your home or office, as there's a backdoor exploit doing the rounds affecting 9,000 devices and counting. This event came to light by way of the security firm GreyNoise and its Sift AI tool that spotted some odd-looking traffic and flagged it for a closer look.
The page...
Read more...
It might surprise you to learn this, but cybercriminals are usually fairly protective of the data they steal, because things like credentials and login details have value, and can be sold to the right buyer. That's why it's so unusual that this latest discovery was apparently found completely unencrypted and visible...
Read more...
A recent campaign by 3AM ransomware actors found the team using more proactive techniques rather than simple opportunistic hacks by pretending to be IT support. Using a combination of email bombing and spoof IT support calls, unwitting employees dropped their guards, giving the attackers access to their...
Read more...
Yet another user info database has been leaked, which has unfortunately become a common occurrence in this day and age, no matter how much tech users and security professionals curse the cloud. This time around, it was the well-known and generally trusted crypto exchange. Coinbase. Unlike most breaches, though, this...
Read more...
In a disturbing revelation that highlights the evolving nature of cyber threats, a YouTuber uncovered a significant security lapse where a printer manufacturer inadvertently distributed malware-laced software to its customers for at least six months. The drivers, which were hosted on popular file hosting site Mega.nz...
Read more...
If you're a Chrome user, take note that the Cybersecurity and Infrastructure Security Agency (CISA) has identified and reported three zero-day vulnerabilities, and one of these flaws could affect you.
The CISA reported that CVE-2025-4664 is already being exploited in the wild and that it impacts theGoogle Chromium...
Read more...
Intel is once again in the crosshairs of a fresh speculative execution exploit, this time dubbed "Branch Privilege Injection." The new vulnerability, revealed by researchers at ETH Zurich's COMSEC group, is capable of extracting sensitive kernel memory using techniques that bypass existing Spectre-class mitigations...
Read more...
Nefarious hackers have figured out many ways to circumvent 2FA restrictions and harvest passwords with sophisticated phishing traps. Many of these bad actors, however, will soon be looking for new ways to attack Microsoft user accounts. Microsoft seems to have delivered on its earlier promise to push users a...
Read more...
Apple has released iOS 18.4.1 and iPadOS 18.4.1, which fixes two security flaws that impact the Return Pointer Authentication Code (RPAC) and CoreAudio. This update fixes somezero-day vulnerabilities that are already being actively exploited in the wild.
Registered on the CVE program as CVE-2025-31200, one...
Read more...
A recent report of a highly sophisticated phishing attack exploiting Google services targeting a lead developer at Ethereum Foundation, Nick Johnson, proves that internet users need to take more precautions to protect themselves from social engineering tactics like phishing.
The attack's sophistication lies in...
Read more...
A few weeks ago, we reported a study alleging that CAPTCHA does not deter bots and that Google merely uses it to collect and sell data. This week, HP Wolf Security researchers have launched a new complaint against CAPTCHA in the latest edition of the HP Threat Insights Report. This time, however, the complaint has...
Read more...
Bitdefender reports that more than 60 million users have recently downloaded applications used in massive ad fraud campaigns from the Play Store. The fraud campaign, code-named "Vapor," allows attackers to lure users into downloading apps that make them vulnerable to cyberattacks.
The cat-and-mouse game...
Read more...
You probably have experienced situations where you needed to convert files from one format to another. In these cases, free online file converters are a common solution. However, the FBI Denver Field Office has just taken to X (formerly Twitter) to warn users that threat actors now use these seemingly harmless online...
Read more...
This month's Microsoft Patch Tuesday is here and it's a big one. Last monthfixed 63 vulnerabilities. This month's update, however, includes patches for another 57 security vulnerabilities, six of which are already being actively exploited by hackers, while cybersecurity experts describe another six as critical. These...
Read more...
Phishing attacks continue to surge, with estimates indicating over 800,000 victims in the first quarter of 2024, a 4% rise from the same period the previous year. Attackers persistently try to deceive individuals into revealing their credentials. While Two-Factor Authentication (2FA) is commonly used as a...
Read more...
Following last month's update which addressed 159 security flaws, Microsoft has released another significant patch, this time fixing 63 vulnerabilities of varying severity (critical, important, moderate, and low). Three critical vulnerabilities requiring user action are CVE-2025-21376, CVE-2025-21379, and...
Read more...
Apple's USB Restricted Mode, a key iOS security feature since 2018 designed to prevent unauthorized USB data access, has been found to have vulnerabilities exploited in sophisticated cyberattacks. Yesterday, the smartphone giant addressed this security flaw with iOS 18.3.1 and iPadOS 18.3.1.The vulnerability allows...
Read more...
