Fileless Malware Abuses Google Blogspot to Deploy Infostealer in Memory
Securonix said the Veil#Drop campaign abuses Google Blogspot to deliver PureLog Stealer in memory
20 articles
Securonix said the Veil#Drop campaign abuses Google Blogspot to deliver PureLog Stealer in memory
81 Million Login Attempts, 78 Compromised Accounts: The LSHIY Password Spray Hitting Azure CLI Huntress researchers have been tracking a massive automated pa...
Technically sophisticated campaign delivering a malicious Chromium extension that silently swaps cryptocurrency wallet addresses during transactions. Deliver...
MacSync Stealer is a newly discovered macOS infostealer actively distributed through a sophisticated malvertising campaign on Google Ads that impersonates An...
Seven of the security defects have a maximum severity rating of 10/10 and could lead to arbitrary code execution. The post Adobe Patches Critical ColdFusion,...
Accounts-payable staff at U.S.
Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY. The post Massive Password Spray Camp...
Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic market...
Many serious security bugs in web applications sit across several files at once. Request data enters through a controller, moves through data objects and ser...
This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile ap...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read...
Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses...
Business Email Compromise is more than an email scam. It's a coordinated operation involving compromised accounts, financial research, and cash-out networks.
The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, sta...
An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth au...
The new “Boss Scam” is a sharp escalation in CEO fraud: attackers now combine impersonation, Windows DLL sideloading, and WhatsApp Web session theft to turn ...
Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed. The post Nissan Employee Data Breached in Oracle PeopleSoft ...
Japan’s hotel sector is the latest target of a sophisticated phishing and remote-access trojan (RAT) campaign that leverages guest-complaint lures and an unu...
The StegoAd campaign employed steganography to hide malicious JavaScript within image and font files, making the extensions appear legitimate and functional.
Russia-linked hacking groups tracked as UNC5792 and UNC4221 have socially engineered their way into the messaging accounts of government officials.