Tag: software
-
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware
A dangerous new iteration of the "Contagious Interview" campaign weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants. North Korean threat actors linked to…
-
SyncFuture Campaign Abuses Enterprise Security Tools to Deploy Malware
A sophisticated, multi-stage espionage campaign targets Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the "SyncFuture Espionage Campaign," weaponizes legitimate enterprise security software as its final payload, demonstrating how threat actors repurpose trusted commercial tools to establish persistent, undetectable access to victim systems. The campaign begins with targeted…
-
⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of…
-
North Korea-linked KONNI uses AI to build stealthy malware tooling
Check Point links an active phishing campaign to North Korea-aligned KONNI, targeting developers with fake blockchain project docs and using an AI-written PowerShell backdoor. Check Point Research uncovered an active phishing campaign attributed to the North Korea-linked KONNI group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima). The operation targets software developers and engineers using fake project…
-
Fortinet confirms new zero-day attacks against customer devices
cloud-init@mail.io and cloud-noc@mail.io. Other admin accounts are created with the names: audit, backup, itadmin, secadmin, and support. Mitigation: If these or other IOCs such as IP addresses are identified in configurations or the device logs, the system and its configuration should be considered compromised. Fortinet recommends updating the device to the latest available software release,…
-
CISA confirms active exploitation of four enterprise software bugs
The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-confirms-active-exploitation-of-four-enterprise-software-bugs/
-
NDSS 2025 Attributing Open-Source Contributions Is Critical But Difficult
Tags: attack, awareness, conference, cryptography, email, github, Internet, malicious, network, open-source, programming, software, supply-chain
Session 9D: Github + OSN Security. Authors, Creators & Presenters: Jan-Ulrich Holtgrave (CISPA Helmholtz Center for Information Security), Kay Friedrich (CISPA Helmholtz Center for Information Security), Fabian Fischer (CISPA Helmholtz Center for Information Security), Nicolas Huaman (Leibniz University Hannover), Niklas Busch (CISPA Helmholtz Center for Information Security), Jan H. Klemmer (CISPA Helmholtz Center for Information…
-
NIST is rethinking its role in analyzing software vulnerabilities
As the agency’s vulnerability database buckles under a flood of submissions, it’s planning to shift some responsibilities to other parties. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nist-cve-vulnerability-analysis-nvd-review/810300/
-
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 (CVSS score: 8.8) – A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow…
-
CISA Updates KEV Catalog with 4 Critical Vulnerabilities Following Ongoing Exploits
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, software, update, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalogue with four critical security flaws affecting widely-used enterprise software and development tools. All vulnerabilities were added on January 22, 2026, with a standardized deadline of February 12, 2026, requiring federal agencies and critical infrastructure operators to implement patches or mitigations.…
-
NHS Issues Open Letter Demanding Improved Cybersecurity Standards from Suppliers
Open letter by NHS technology leaders outlines plans to identify risks to software supply chain security across health and social care system First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nhs-open-letter-demands-improved/
-
Attackers abuse remote monitoring and management tools as a backdoor
KnowBe4 Threat Labs reports on a sophisticated dual-vector campaign that demonstrates the threat chain following the compromise of credentials. Instead of deploying custom malware, the attackers bypass security perimeters by abusing IT tools that IT administrators trust. By obtaining a "master key" to the system, they turn legitimate remote monitoring and management (RMM) software into a persistent…
-
What are drive-by download attacks?
A drive-by download attack is a type of cyber threat where malicious software is downloaded and installed on a user’s device without their knowledge or consent simply by visiting a compromised or malicious website. Unlike traditional malware attacks, users often do not have to click a link or open an attachment; the infection can… First…
-
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Tags: access, attack, breach, credentials, cybersecurity, monitoring, phishing, software, threat, tool
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts. “Instead of deploying custom viruses, attackers are bypassing security perimeters by weaponizing the necessary IT tools that administrators trust,” KnowBe4 Threat First seen on thehackernews.com Jump…
-
Ransomware gang’s slip-up led to data recovery for 12 US firms
Tags: access, attack, backup, breach, business, citrix, cloud, corporate, cyber, data, data-breach, detection, encryption, endpoint, exploit, finance, group, incident response, infosec, infrastructure, law, linux, network, phishing, powershell, ransom, ransomware, risk, software, spear-phishing, sql, threat, tool, veeam, vulnerability
scrutinize and audit your backups. If you have a regular backup schedule, is there unexpected or unexplained activity? Von Ramin Mapp notes that crooks are known to time data exfiltration to match corporate off-site backups as a way to hide their work; monitor for encrypted data leaving your environments and see where it goes. Does this…
-
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and…
-
Cryptohack Roundup: South Korea Busts $102M Laundering Ring
Also: $7 Million Saga and $5 Million Makina Finance Exploits. This week, South Korea dismantled a $102 million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man was sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win Ethereum transaction…
-
Obsidian Security Extends Reach to SaaS Application Integrations
Obsidian Security today announced that it has extended the reach of its platform for protecting software-as-a-service (SaaS) applications to include any integrations. Additionally, the company is now making it possible to limit which specific end users of a SaaS application are allowed to grant and authorize new SaaS integrations by enforcing least privilege policies. Finally,…
-
AI-generated malware threatens developers and blockchain ecosystems
Check Point Research has published the results of its analysis of a new phishing campaign connected to <>. The malware family is attributed to the North Korean group APT37. Based on the analysis, the security researchers conclude that AI-generated malware is now operational and that cybercriminals are no longer merely experimenting with it. The campaign targets software developers and engineers working on blockchain and…
-
Check Point introduces AI-driven exposure management to close the cybersecurity remediation gap
Check Point Software Technologies has designed its new Exposure Management specifically to counter AI attacks. It helps organizations reduce their risks faster, while companies can keep using the security controls and solutions they already have in place. A new report also summarizes the threat landscape in this area. The new approach of the exposure management presented supports companies…
-
Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages
Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from publishing malware under new accounts to hijacking established publishers through expired domain takeovers. This represents a fundamental erosion of trust signals that Linux users previously…
-
Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities
Tags: 2fa, business, dos, flaw, gitlab, infrastructure, programming, rce, remote-code-execution, software, update, vulnerability
Both platforms serve as backbone infrastructure for remote work and software development, making these flaws particularly dangerous for business continuity. The post Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-gitlab-security-flaws-patched/
-
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible…
-
Securing the Future: Practical Approaches to Digital Sovereignty in Google Workspace
Tags: access, attack, ciso, cloud, compliance, computing, container, control, data, defense, dora, email, encryption, GDPR, google, Hardware, healthcare, identity, infrastructure, law, malware, network, privacy, regulation, resilience, risk, service, software, strategy, zero-trust
madhav Thu, 01/22/2026 – 04:35
In today’s rapidly evolving digital landscape, data privacy and sovereignty have become top priorities for organizations worldwide. With the proliferation of cloud services and the tightening of global data protection regulations, security professionals face mounting pressure to ensure their…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, software
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America. The new findings First seen…

