Hackers Poison Axios npm Package with 100 Million Weekly Downloads

Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide...

My_CVES

My...

FUNNULL Unmasked: AWS, Azure Abused for Global Cybercrime Operations

Discover how cybercriminals use 'Infrastructure Laundering' to exploit AWS and Azure for scams, phishing, and money laundering. Learn about FUNNULL CDN's tactics and their global impact on businesses and cybersecurity...

CVE-2025-21552

...

AZL-55066 CVE-2024-55553 affecting package frr for versions less than 9.1.1-3

In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than th...

VPN Usage Increased 5016% in Bangladesh Amidst Online Censorship

VPN demand skyrockets in Bangladesh due to internet restrictions. Learn about the global impact of VPNs on internet…...

The State of Stalkerware in 2023–2024

The State of Stalkerware in 2023 PDF The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on...

PT-2024-2415 · Artica · Artica Proxy

Name of the Vulnerable Software and Affected Versions: Artica-Proxy affected versions not specified Description: The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. ...

New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices

By Waqas Despite Google's proactive removal of these apps, the threat persists through third-party markets, compromising over 327,000 devices globally. This is a post from HackRead.com Read the original post: New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices...

Play Ransomware A Global Threat Impacting Businesses

Summary: The Play ransomware group, active since June 2022, employs a double-extortion model, impacting businesses globally. Utilizing legitimate tools for malicious activities, the group has affected approximately 300 entities. Threat Level - Red | Attack Report For a detailed threat advisory,...

QakBot's Endgame: The Final Move Before the Takedown

QakBot's Endgame: The Final Move Before the Takedown By Daksh Kapur, Nico Paulo Yturriaga and Alfred Alvarado · September 06, 2023 Figure 1 Attribution at the bottom Qakbot, known under aliases like QBot, QuakBot, and Pinkslipbot, represents an intricately advanced malware strain that has...

Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards

We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this...

Skuld: The Infostealer that Speaks Golang

Skuld: The Infostealer that Speaks Golang By Ernesto Fernández Provecho · June 13, 2023 In May 2023, the Trellix Advanced Research Center discovered a new Golang stealer, known as Skuld, that compromised systems worldwide, something that security researchers had also noticed. The usage of Golang,...

Emulating KmsdBot’s Command and Control and Examining Its Attack Traffic

Read about the global impact of KmsdBot, a botnet that hit our honeypot earlier this year, and why the evidence is pointing toward it being a DDoS for hire...

Existential Risk and the Fermi Paradox

We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hackers Mind coming in February 2023, I write: Our societal systems, in general, may have grown fairer and more...

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware

As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could no longer be...

The State of Stalkerware in 2021

The state of stalkerware in 2021 PDF Main findings of 2021 Every year Kaspersky analyzes the use of stalkerware around the world to better understand the threat it poses. We partner with stakeholders across public and private sectors to raise awareness and find solutions to best tackle this...

Threat Source newsletter (March 17, 2022) — Channelling productive worry to help Ukraine

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Cisco Talos continues to be heads-down working on the current Ukraine situation. This is incredibly difficult for everyone across the globe, especially for those directly affected. But that doesn’t mean those of... Th...

The Akamai Foundation: Making a Global Impact

In 2021, the impact of the Akamai Foundation’s philanthropic activities continued to expand beyond science, technology, engineering, and mathematics STEM education, deepening our commitment to digital equity and inclusion around the globe and to making a positive impact in the communities we serv...

The Log4j Vulnerability Puts Pressure on the Security World

It’s not my intention to be alarmist about the Log4j vulnerability CVE-2021-44228, known as Log4Shell, but this one is pretty bad. First of all, Log4j is a ubiquitous logging library that is very widely used by millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure...