Malware Campaign Impersonates Windows LDAP Vulnerability Research
Security researchers have discovered a deceptive GitHub repository distributing infostealer malware while masquerading as proof-of-concept code for a Windows LDAP vulnerability. The sophisticated multi-stage attack harvests sensitive system data and exploits confusion around two separate LDAP vulnerabilities.
Cannabis Retailer STIIIZY Hit by Major Customer Data Breach, Exposing ID Documents
Premium cannabis retailer STIIIZY disclosed a significant data breach exposing customer identification documents and transaction records at multiple California locations. The Everest cybercrime group claimed responsibility for compromising hundreds of thousands of records through a vendor's point-of-sale system.
Chinese Hackers Exploit Critical Ivanti Vulnerability in Sophisticated Attack Campaign
UNC5337, a Chinese threat group, has launched a new attack exploiting a critical vulnerability in Ivanti Connect Secure devices, deploying sophisticated malware tools. Over 2,000 ICS instances may be vulnerable across multiple countries, prompting urgent patching and security measures.
New 'Fickle Stealer' Malware Emerges with Advanced Evasion and Data Theft Capabilities
A sophisticated Rust-based malware dubbed 'Fickle Stealer' has been discovered using multiple attack vectors and advanced anti-detection methods. The threat actively targets cryptocurrency wallets, browsers, and communication apps while employing complex techniques to evade security controls.
Malicious Ethereum Developer Tool Found Distributing Quasar RAT Malware
Security researchers uncovered an npm package posing as an Ethereum smart contract debugging tool that secretly installs dangerous Quasar RAT malware. The sophisticated supply chain attack specifically targets blockchain developers, potentially exposing private keys and credentials linked to valuable crypto assets.
D-Link Devices Under Attack: Dangerous FICORA and Kaiten Botnets Exploit Legacy Vulnerabilities
Security researchers have identified increased activity from two dangerous botnets targeting D-Link devices through unpatched HNAP vulnerabilities. The FICORA and CAPSAICIN variants leverage decade-old security flaws to launch DDoS attacks and establish malware control networks.
Asus Holiday Banner Triggers False Malware Alerts and User Panic
A festive desktop popup from Asus' Armoury Crate software has sparked widespread concern among users who mistook it for malware. The poorly branded Christmas-themed banner, running as 'Christmas.exe', led to an outcry on forums and highlighted communication issues with the company.
Hidden Dangers: How to Detect Malicious Hardware in USB Cables
Modern USB cables can conceal dangerous hardware designed to steal data and hijack devices. Learn essential warning signs and protection strategies to identify compromised cables and safeguard your digital security.
Critical ICS Malware Discovered: Engineering Workstations Under Attack
A new malware targeting industrial control systems can terminate vital engineering processes on Mitsubishi and Siemens workstations. The sophisticated threats, including Ramnit variant and Chaya_003, demonstrate evolving capabilities to disrupt critical infrastructure through compromised engineering systems.
Microsoft Teams Calls Exploited in Sophisticated DarkGate Malware Campaign
Cybercriminals are leveraging Microsoft Teams and AnyDesk in a complex social engineering attack to distribute DarkGate malware. The campaign combines email phishing, vishing through Teams calls, and remote access tools to compromise systems and steal sensitive data.