Breaking the trade-off: Full email security without deployment friction
How API-based security is redefining email protection in the face of escalating human risk.
Financial
20 articles
Bogus installers facilitate RAT, cryptominer spread in long-running operation
Threat operation REF1695 has been harnessing counterfeit installers to facilitate multiple attack campaigns delivering remote access trojans and cryptocurren...
FCC proposes $4.5 million fine for voice service provider hosting ‘suspicious’ foreign call traffic
Voxbeam’s actions allegedly led to “financial impersonation robocalls” that were made to American consumers “ using “non-compliant and long dormant accounts,...
Storm infostealer bypasses Chrome encryption, targets crypto wallets
Discovered by Varonis Threat Labs, Storm infostealer operates as a malicious subscription service, targeting multiple browsers like Chrome, Edge, Firefox, an...
Zero trust everywhere: Redefining secure network access in a post-VPN world
ThreatLocker's reinvention of zero-trust network access shifts access control from credential verification to the endpoint itself.
North Korea–linked hackers drain $285M from Drift in sophisticated attack
Drift lost $285M in a sophisticated attack, likely by North Korea, who used nonce-based tricks to gain control and quickly drain funds Drift suffered a $285 ...
Trusted Platforms Exploited to Steal Philippine Banking Credentials
Hackers are increasingly exploiting trusted online platforms to launch sophisticated phishing campaigns targeting bank users in the Philippines. Despite ongo...
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the troj...
Phorpiex Botnet Fuels Ransomware, Sextortion, and Crypto-Theft Attacks
Hackers are abusing the long-running Phorpiex (Trik) botnet to run large-scale ransomware, sextortion, and crypto-clipping operations, turning one infrastruc...
Microsoft releases open-source toolkit to govern autonomous AI agents
AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks ...
Which messaging app takes the most limited approach to permissions on Android?
Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android...
Drift Protocol estimated to have lost $285M in crypto heist
Solana-based decentralized finance exchange Drift Protocol was assessed by PeckShield to have had up to $285 million stolen in an Apr. 1 crypto heist believe...
Phishing campaign delivers Casbaneiro and Horabot banking trojans
The threat actor, identified as Brazilian cybercrime group Augmented Marauder and Water Saci, employs a unique delivery mechanism involving WhatsApp, ClickFi...
Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea
The platform released a post-mortem on Wednesday night explaining that malicious actors gained access to Drift systems through a “novel attack” that involved...
Akira ransomware group can achieve initial access to data encryption in less than an hour
A new report from Halcyon finds that the group also puts more effort than usual into developing working decryptors, likely to incentivize businesses to pay u...
Lawmakers renew push for Labor Department-backed cyber apprenticeship grants
The bipartisan, bicameral Cyber Ready Workforce Act aims to cut into the country’s deficit of cybersecurity professionals. The post Lawmakers renew push for ...
Software supply chain hacks trigger wave of intrusions, data theft
After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potent...
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency mi...
Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign
Hackers have launched a targeted phishing campaign by cloning Ukraine’s official CERT-UA website and distributing malicious software disguised as a security ...
Crypto platform Drift suspends services after millions stolen in security incident
Security experts believe hundreds of millions of dollars worth of cryptocurrency were stolen from decentralized finance platform Drift on Wednesday after the...