Featured
First Linux UEFI Bootkit 'Bootkitty' Discovered, Marking New Era in Linux Threats
Security researchers at ESET have uncovered 'Bootkitty', the first known UEFI bootkit targeting Linux systems. While still in development, this sophisticated malware can infect startup processes and signals an emerging wave of Linux-focused cyber threats.
Rockstar 2FA: The New Phishing Toolkit Bypassing Microsoft 365 Security
A sophisticated phishing toolkit called Rockstar 2FA is enabling cybercriminals to bypass Microsoft 365's multi-factor authentication through adversary-in-the-middle attacks. Available for just $200, this accessible platform provides advanced features like cookie harvesting and customizable login pages that pose a significant threat to organizations.
Holiday Season Disrupted: Blue Yonder Ransomware Attack Impacts Starbucks and Global Retailers
A major ransomware attack on supply chain software provider Blue Yonder has caused significant disruptions for major retailers including Starbucks and UK supermarket chains. The cybersecurity incident has forced companies to resort to manual processes and backup systems during the critical holiday shopping period.
Bootkitty: First UEFI Bootkit Malware Targeting Linux Systems Discovered
Security researchers have identified Bootkitty, a groundbreaking UEFI bootkit malware specifically designed to target Linux systems. This proof-of-concept malware can disable kernel signature verification and persist through OS reinstallation, marking a concerning evolution in firmware-level threats.
Critical Vulnerabilities in WordPress Anti-Spam Plugin Put 200,000 Sites at Risk
Two severe security flaws discovered in the Anti-Spam by CleanTalk WordPress plugin could allow attackers to gain unauthorized control of over 200,000 websites. The developer has released patches while security researchers implement protective measures for affected installations.
Ransomware Attack Forces Hoboken City Hall Shutdown and Service Disruptions
A cyber attack on Wednesday paralyzed Hoboken's municipal operations, forcing City Hall closure and suspension of multiple city services. While garbage collection and recreation programs continue, officials are investigating the ransomware incident alongside technical teams working to restore compromised systems.
Russian Hacking Group RomCom Exploits Firefox Zero-Days in Sophisticated Attack Campaign
A Russian cybercrime group has launched major attacks across Europe and North America by exploiting critical Firefox and Tor Browser vulnerabilities. The sophisticated campaign infected systems through maliciously crafted websites, demonstrating RomCom's advanced capabilities and evolving tactics.
Critical VPN Client Vulnerabilities Allow Attackers to Deploy Malware Through Fake Servers
Security researchers have discovered severe flaws in Palo Alto Networks' GlobalProtect and SonicWall's NetExtender VPN clients that enable attackers to execute malicious code through rogue VPN servers. The vulnerabilities could allow credential theft and system compromise through unauthorized software updates with elevated privileges.
D-Link Refuses Security Patches for 60,000 Vulnerable DSL Modems
D-Link announces it won't patch critical security vulnerabilities affecting 60,000 DSL6740C modems still in use, leaving users exposed to potential cyberattacks. Multiple severe flaws were discovered, including unauthorized password changes and remote code execution vulnerabilities.