19 matches found
Inside an AI‑enabled device code phishing campaign
In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Indicators of compromise IOC 4. References 5. Learn more Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the Device Code Authentication flow to compromise organizational...
How AI made scams more convincing in 2025
This blog is part of a series where we highlight new or fast-evolving threats in consumer security. This one focuses on howAI is being used to design more realistic campaigns, accelerate social engineering, and how AI agents can be used to target individuals. Most cybercriminals stick with what...
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign. "While earlier operations relied on broad strategic web compromises to...
CVE-2025-52602
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or othe...
DarkCloud Infostealer Relaunched to Grab Credentials, Crypto and Contacts
eSentire TRU analyses the new DarkCloud V4.2 infostealer, rewritten in VB6. Find out how the malware steals browser data, crypto, and contacts via targeted phishing...
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox aka Void...
Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online
When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion! Researchers at Cybernews have discovered 30 exposed datasets containing fro...
CVE-2024-26138
The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...
CVE-2024-38863
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35 and 2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks...
CVE-2024-38863 CSRF token leaked in URL parameters
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35 and 2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks...
Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems
Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts. "If exploited, these vulnerabilities could allow an...
CVE-2024-26138 License information is public, exposing instance id and license holder details
The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...
SideCopy APT Launches Phishing Campaign Against Indian Government
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The new malicious activity of the SideCopy threat actors is the attack campaign STEPPYKAVACH, which was notably active in 2021 and was originally related to Pakistan. The most recent malicious attack...
VideoBytes: Ryuk Ransomware Targeting US Hospitals
Hello Folks! In this Videobyte, we’re talking about why hospitals are being targeted by the Ryuk ransomware, what tricks they are using to pull this off and what their motivations might be. Ryuk ransomware is being spread to hospitals using targeted phishing emails that infect systems with the...
Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies
In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed 'PerSwaysion ,' the newly spotted cyberattack campaign leveraged...
Slack: HTML Injection inside Slack promotional emails
Hi, There's a HTML injection vulnerability present inside emails sent from slack when the FIRST name on the account contains HTML. The html is stored in the backend database and when emails are sent promotional, etc, the HTML is sent along with the rest of the email. In my PoC, which is provided...
UK foreign secretary : "We are under Cyber attack" !
Yesterday, the UK adopted secretary, William Hague, explained to a aegis appointment in Munich how cyber abyss were aggravating to access the UK government and aegis contractors. According to a BBC report, Mr. Hague explained that attackers had adulterated government computers with the Zeus troja...
Drupal Realname User Reference Information Disclosure
Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module version 6.x-1.0 Discovered by Martin Barbella Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easil...
Details Facebook the latest high-risk XSS security vulnerability-vulnerability warning-the black bar safety net
Recently, Facebook discovered high-riskXSSto security vulnerabilities, causing its users to suffer huge threat. This article will for these vulnerabilities are published in detail. Facebook in 2 0 0 8 year 1 2 on 1 5 December 2 0 0 9 years 1 months 4 days was traced to a series of high-riskXSSa...