The state-sponsored APT has been targeting the victims’ family members to increase pressure on their targets.
The post Iranian Hackers Target Defense and Government Officials in Ongoing Campaign appeared first on SecurityWeek.
DoorDash Says Personal Information Stolen in Data Breach
Names, addresses, email addresses, and phone numbers were compromised after an employee fell for a social engineering attack.
The post DoorDash Says Personal Information Stolen in Data Breach appeared first on SecurityWeek.
5 Plead Guilty in US to Helping North Korean IT Workers
Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, Erick Ntekereze, and Oleksandr Didenko have pleaded guilty.
The post 5 Plead Guilty in US to Helping North Korean IT Workers appeared first on SecurityWeek.
⚡ Weekly Recap: Fortinet Exploited, China’s AI Hacks, PhaaS Empire Falls & More
This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms.
It’s not just about hacking anymore. Criminals are building systems to make money, spy, or spread malware like it’s a business. And in some cases, they’re using the same
It’s not just about hacking anymore. Criminals are building systems to make money, spy, or spread malware like it’s a business. And in some cases, they’re using the same
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT.
The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate like Google Chrome and Microsoft Teams, according to Elastic Security Labs.
“The
The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate like Google Chrome and Microsoft Teams, according to Elastic Security Labs.
“The
Logitech Confirms Data Breach Following Designation as Oracle Hack Victim
Logitech was listed on the Cl0p ransomware leak website in early November, but its disclosure does not mention Oracle.
The post Logitech Confirms Data Breach Following Designation as Oracle Hack Victim appeared first on SecurityWeek.
Widespread Exploitation of XWiki Vulnerability Observed
The exploitation of the recent XWiki vulnerability has expanded to botnets, cryptocurrency miners, scanners, and custom tools.
The post Widespread Exploitation of XWiki Vulnerability Observed appeared first on SecurityWeek.
Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time
Google has disclosed that the company’s continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below 20% for the first time.
“We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust’s impact on
“We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust’s impact on
Google to flag Android apps with excessive battery use on the Play Store
Google will start taking action on Android apps in the official Google Play store that have high background activity and cause excessive battery draining. […]
Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors
Microsoft has confirmed it is investigating a bug causing the Windows 10 KB5068781 extended security update to fail to install with 0x800f0922 errors on devices with corporate licensing. […]