Massive MikroTik Router Botnet Exploits DNS Flaws to Launch Malware Campaign
A sophisticated botnet comprising 13,000 hijacked MikroTik routers is exploiting DNS misconfigurations to distribute malware while impersonating legitimate domains. The campaign uses compromised devices as SOCKS proxies to bypass email security and deliver malicious payloads through spoofed shipping notifications.
FBI Launches Unprecedented Operation to Purge Chinese PlugX Malware from US Networks
In a groundbreaking cybersecurity operation, the FBI successfully removed dangerous Chinese PlugX malware from over 4,000 US computers by exploiting its self-delete function. Working with French authorities, the agency leveraged compromised command servers to cleanse infected systems nationwide.
Malware Campaign Impersonates Windows LDAP Vulnerability Research
Security researchers have discovered a deceptive GitHub repository distributing infostealer malware while masquerading as proof-of-concept code for a Windows LDAP vulnerability. The sophisticated multi-stage attack harvests sensitive system data and exploits confusion around two separate LDAP vulnerabilities.
Cannabis Retailer STIIIZY Hit by Major Customer Data Breach, Exposing ID Documents
Premium cannabis retailer STIIIZY disclosed a significant data breach exposing customer identification documents and transaction records at multiple California locations. The Everest cybercrime group claimed responsibility for compromising hundreds of thousands of records through a vendor's point-of-sale system.
Chinese Hackers Exploit Critical Ivanti Vulnerability in Sophisticated Attack Campaign
UNC5337, a Chinese threat group, has launched a new attack exploiting a critical vulnerability in Ivanti Connect Secure (ICS) devices, deploying sophisticated malware tools. Over 2,000 ICS instances may be vulnerable across multiple countries, prompting urgent patching and security measures.
New 'Fickle Stealer' Malware Emerges with Advanced Evasion and Data Theft Capabilities
A sophisticated Rust-based malware dubbed 'Fickle Stealer' has been discovered using multiple attack vectors and advanced anti-detection methods. The threat actively targets cryptocurrency wallets, browsers, and communication apps while employing complex techniques to evade security controls.
Malicious Ethereum Developer Tool Found Distributing Quasar RAT Malware
Security researchers uncovered an npm package posing as an Ethereum smart contract debugging tool that secretly installs dangerous Quasar RAT malware. The sophisticated supply chain attack specifically targets blockchain developers, potentially exposing private keys and credentials linked to valuable crypto assets.
D-Link Devices Under Attack: Dangerous FICORA and Kaiten Botnets Exploit Legacy Vulnerabilities
Security researchers have identified increased activity from two dangerous botnets targeting D-Link devices through unpatched HNAP vulnerabilities. The FICORA and CAPSAICIN variants leverage decade-old security flaws to launch DDoS attacks and establish malware control networks.
Asus Holiday Banner Triggers False Malware Alerts and User Panic
A festive desktop popup from Asus' Armoury Crate software has sparked widespread concern among users who mistook it for malware. The poorly branded Christmas-themed banner, running as 'Christmas.exe', led to an outcry on forums and highlighted communication issues with the company.
Hidden Dangers: How to Detect Malicious Hardware in USB Cables
Modern USB cables can conceal dangerous hardware designed to steal data and hijack devices. Learn essential warning signs and protection strategies to identify compromised cables and safeguard your digital security.