‘PoisonSeed’ phishing campaign targets CRM and bulk email providers to distribute “crypto seed phrase” messages.
The post CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign appeared first on SecurityWeek.
⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Comeback and More
Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but in job offers, hardware, and cloud services we rely on every day.
Hackers don’t need sophisticated exploits anymore. Sometimes, your credentials and a little social engineering are enough.
This week,
Hackers don’t need sophisticated exploits anymore. Sometimes, your credentials and a little social engineering are enough.
This week,
NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog
NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them.
The post NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog appeared first on SecurityWeek.
Security Theater: Vanity Metrics Keep You Busy – and Exposed
After more than 25 years of mitigating risks, ensuring compliance, and building robust security programs for Fortune 500 companies, I’ve learned that looking busy isn’t the same as being secure.
It’s an easy trap for busy cybersecurity leaders to fall into. We rely on metrics that tell a story of the tremendous efforts we’re expending – how many vulnerabilities we patched, how fast we
It’s an easy trap for busy cybersecurity leaders to fall into. We rely on metrics that tell a story of the tremendous efforts we’re expending – how many vulnerabilities we patched, how fast we
Port of Seattle Says 90,000 People Impacted by Ransomware Attack
The Port of Seattle says the personal information of 90,000 individuals was stolen in an August 2024 ransomware attack.
The post Port of Seattle Says 90,000 People Impacted by Ransomware Attack appeared first on SecurityWeek.
Suspected Scattered Spider Hacker Pleads Guilty
A 20-year-old arrested last year and charged alongside others believed to be members of Scattered Spider has pleaded guilty.
The post Suspected Scattered Spider Hacker Pleads Guilty appeared first on SecurityWeek.
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims’ digital wallets.
“Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack,” Silent Push said in an
“Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack,” Silent Push said in an
E-ZPass toll payment texts return in massive phishing wave
An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. […]
OpenAI tests watermarking for ChatGPT-4o Image Generation model
OpenAI is reportedly testing a new “watermark” for the Image Generation model, which is a part of the ChatGPT 4o model. […]
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
A newly discovered malicious PyPi package named ‘disgrasya’ that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. […]