Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. […]
The Week in Ransomware – December 22nd 2023 – BlackCat hacked
Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. […]
Ubisoft says it’s investigating reports of a new security breach
Ubisoft is investigating whether it suffered a breach after images of the company’s internal software and developer tools were leaked online. […]
Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Threat hunters have discovered a rogue WordPress plugin that’s capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information.
The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri.
“As with many other malicious or fake WordPress plugins it contains some deceptive information at
The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri.
“As with many other malicious or fake WordPress plugins it contains some deceptive information at
Nissan Australia cyberattack claimed by Akira ransomware gang
Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan. […]
Europol warns 443 online shops infected with credit card stealers
Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases. […]
Fake VPN Chrome extensions force-installed 1.5 million times
Three malicious Chrome extensions posing as VPN (Virtual Private Networks) infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. […]
Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities
Indian government entities and the defense sector have been targeted by a phishing campaign that’s engineered to drop Rust-based malware for intelligence gathering.
The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE.
“New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate
The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE.
“New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language.
“Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers’ unfamiliarity can hamper their investigation,” Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara 
“Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers’ unfamiliarity can hamper their investigation,” Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara 
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware
The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE.
“The threat actor targets Ukrainian employees working for companies outside of Ukraine,” cybersecurity firm Deep Instinct said in a Thursday analysis.
UAC-0099 was first
“The threat actor targets Ukrainian employees working for companies outside of Ukraine,” cybersecurity firm Deep Instinct said in a Thursday analysis.
UAC-0099 was first