Security researchers discovered a “package planting” flaw that allows malware developers to add respected open-source contributors to malicious NPM packages without notification or approval.
Lazarus APT targets the employees of blockchain companies with fake job offers, tricking them into downloading trojanized apps that steal security keys and make fraudulent transactions.
US intelligence agencies have issued a public warning indicating that APT groups have developed a "multi-tool" malware kit that targets a commonly used range of industrial control systems.
The operation disrupted Russian GRU control over infected devices by removing Cyclops Blink botnet malware from the infected WatchGuard Firebox devices used as command-and-control (C2) servers.
The recently discovered Spring4Shell vulnerability has been leveraged to spread Mirai botnet malware in recent attacks. Security researchers say that a recent campaign is focusing on organizations in Singapore.
The destructive malware that is currently being spread in Ukraine acts like ransomware in that it locks up target systems by encrypting key files, but there is no payment option.
A botnet discovered by Chinese researchers introduced a backdoor and a web shell on compromised AT&T VoIP servers, mostly in the US, for DDoS attacks and data exfiltration.
Microsoft detected a second hacking team targeting Orion software and running its campaign parallel to the Russian hacking group; SolarWinds acknowledges the threat.
Browser extensions are creeping their way into being a favorite of malicious actors. Why are dangerous extensions still a challenge, even though Google is actively combating the problem?
The FBI arrested a Russian hacker who offered a $1 million bribe to a Russian-speaking Tesla employee to install malware for a ransomware attack.