FBI Warns of Fake Cryptocurrency Apps Stealing Millions from Investors

The U.S. Federal Bureau of Investigation FBI has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space. "The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investme...

Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors

Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology OT vendors due to what researchers call are "insecure-by-design practices." Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada,...

U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers

The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in...

Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the...

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller WLC that could be abused by an unauthenticated, remote attacker to take control of an affected system. Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and...

Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England

Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer. The company added...

Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products

Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server VCS that could be exploited by an attacker to gain elevated privileges and execute arbitrary code. The two flaws – tracked as...

New Wiper Malware Targeting Ukraine Amid Russia's Military Operation

Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper "HermeticWiper...

Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

Multiple security weaknesses have been disclosed in MediaTek system-on-chips SoCs that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without...

Apple Sues Israel's NSO Group for Spying on iPhone Users With Pegasus Spyware

Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court holding it accountable for illegally targeting users with its Pegasus surveillance tool, marking yet another setback for the Israeli spyware vendor. The Cupertino-based tech giant painted NSO Group as...

Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox

A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service DoS condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM...

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of...

Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems

Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access to its operators, in addition to amassing credentials and function as a proxy server. The malware family,...

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks agains...

Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash

Apple is temporarily hitting the pause button on its controversial plans to screen users' devices for child sexual abuse material CSAM after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. "Based on feedback from...

Google Extends Support for Tracking Party Cookies Until 2023

Google's sweeping proposal to deprecate third-party cookies in Chrome browser is going back to the drawing board after the company announced plans to delay the rollout from early 2022 to late 2023, pushing back the project by nearly two years. "While there's considerable progress with this...

Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer

Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have...

Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards

Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging a hot commodity on the dark web in what's the latest in a long list of cybercrimes capitalizing on the coronavirus pandemic. "A new and troubling phenomenon is that consumers are buying COVID-19...

Experts warn of a new Android banking trojan stealing users' credentials

Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called "TeaBot" or Anatsa, the malware is said to be in its early stages of...

How to Vaccinate Against the Poor Password Policy Pandemic

Data breaches remain a constant threat, and no industry or organization is immune from the risks. From Fortune 500 companies to startups, password-related breaches continue to spread seemingly unchecked. As a result of the volume of data breaches and cybersecurity incidents, hackers now have acce...

Top Cyber Attacks of 2020

With so much of the world transitioning to working, shopping, studying, and streaming online during the coronavirus pandemic, cybercriminals now have access to a larger base of potential victims than ever before. "Zoombomb" became the new photobomb—hackers would gain access to a private meeting o...

How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques

Web applications suffer continuously evolving attacks, where a web application firewall WAF is the first line of defense and a necessary part of organizations' cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern...

Contrast Community Edition Empowers Developers to Write Secure Code Faster

As software eats the world, the world faces a software security crisis. The movement to modern software such as cloud technologies and microservice architectures is essential to innovate quickly. Yet, nearly three in four developers say that security slows down Agile and DevOps. Neither developer...

Ex-CIA Accused of Leaking Secret Hacking Tools to WikiLeaks Gets Mistrial

A federal judge in New York on Monday declared a mistrial in the case of a former CIA software engineer who was accused of stealing a massive trove of the agency's classified hacking and tools and leaking it to WikiLeaks whistleblower website. While the jury was unable to reach a verdict on eight...

THN Weekly Roundup — Top 10 Stories You Should Not Miss

Here we are with our weekly roundup, briefing this week's top cybersecurity threats, incidents, and challenges, just in case you missed any of them. Last week has been very short with big news from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discover...

Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi

Note: We have published a follow-up article with more technical details about this vulnerability which resides in Broadcom WiFi SoC equipped not only in Apple devices, but also in Android devices from various manufacturers. Less than a week after Apple released iOS 10.3 with over 100 bug fixes an...

Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability

This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare. Besides this, Google last week disclosed an...

Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable

Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready. Yes, the critical zero-day is unpatched and is being used by attackers in the wild. Google made the public disclosure of the vulnerability just 10...

Critical DoS Flaw found in OpenSSL — How It Works

The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service DoS attacks. OpenSSL is a widely used open-source cryptographic library that provides encrypted Internet connections using...

Update Adobe Reader app for Android to Patch Remote Code Execution Vulnerability

If you're one of the 400 million Android users out there who have installed Adobe Reader app that helps you to view PDF documents on mobile devices, then you should immediately update your app from Google Play Store. Adobe has released an updated Adobe Reader 11.2.0 version to addresses an...

Upgrade ModSecurity to version 2.7.4 for fixing Denial of Service Vulnerability

ModSecurity is an open source web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. ModSecurity developers team recently fixed a vulnerability CVE-2013-2765 which could be exploited...

Oracle releases patches for Java vulnerability CVE-2012-4681

Oracle has released a new patch which kills off a vulnerability in Java 7 that was being exploited by malware developers. "Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible," Eric Maurice, the company's director of...

SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models

SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access SMA appliances have been exploited in the wild. The vulnerabilities in question are listed below - CVE-2023-44221 CVSS score: 7.2 - Improper neutralization of special elements in the SMA100 SSL-VP...

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

The U.S. Cybersecurity and Infrastructure Security Agency CISA has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure ICS appliances. "RESURGE contains capabilities of the SPAWNCHIMERA...

10 Critical Network Pentest Findings IT Teams Overlook

After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit. Organizations often assume that firewalls, endpoint protection, and SIEMs are...

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution RCE flaw in the PHP-CGI implementation of PHP on Windows, to gai...

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in ...

Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10....

5 Ways to Reduce SaaS Security Risks

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based...

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge ATG systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread...

New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining

Cybersecurity researchers have unpacked a new malware strain dubbed PGMEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. "Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gaine...

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control C&C server via DNS traffic," the Symantec Threat Hunter Team, part ...

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion...

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The attackers placed backdoors on the networks of targeted companies and also attempted to steal...

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in Novemb...

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

Financial organizations in the Asia-Pacific APAC and Middle East and North Africa MENA are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity said in a technical report published...

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment...

Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful...

Why We Must Democratize Cybersecurity

With breaches making the headlines on an almost weekly basis, the cybersecurity challenges we face are becoming visible not only to large enterprises, who have built security capabilities over the years, but also to small to medium businesses and the broader public. While this is creating greater...

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system. "While 'command-not-found' serves as a convenient tool for suggesting...