Samsung confirms hackers stole Galaxy devices source code
Samsung Electronics confirmed on Monday that its network was breached and the hackers stole confidential information, including source code present in Galaxy smartphones.
Hackers leak 190GB of alleged Samsung data, source code
The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company.
Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
Phishing attacks target countries aiding Ukrainian refugees
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
TrickBot malware operation shuts down, devs move to BazarBackdoor
The TrickBot malware operation has shut down after its core developers move to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families.
Ukraine links phishing targeting military to Belarusian hackers
The Computer Emergency Response Team of Ukraine (CERT-UA) warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel.
New data-wiping malware used in destructive attacks on Ukraine
Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine.
New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key
A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software.
![[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code](https://rdl.ink/render/https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fmeta_image.png?width=92&height=&ar=&mode=&format=avif&dpr=2)
[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code
Hello, Its developer. It was decided to release keys to the public for Egregor, Maze, Sekhmet ransomware families. also there is a little bit harmless source code of polymorphic x86/x64 modular EPO file infector m0yv detected in the wild as Win64/Expiro virus, but it is not expiro actually, but AV engines detect it like this, so no single thing in common with...
Google Project Zero: Vendors are now quicker at fixing zero-days
Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.
macOS version of elusive 'LightSpy' spyware tool discovered
A macOS version of the LightSpy surveillance framework has been discovered, confirming the extensive reach of a tool only previously known for targeting Android and iOS devices.
Cybercriminals pose as "helpful" Stack Overflow users to push malware
Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.
New ShrinkLocker ransomware uses BitLocker to encrypt your files
A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker.
Hacker defaces spyware app’s site, dumps database and source code
A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data.
Russian hackers use new Lunar malware to breach a European govt's agencies
Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
Europol confirms web portal breach, says no operational data stolen
Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. #Breach #Computer #Data #EPE #Europol #InfoSec #Leak #Security #Theft
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw.
Zscaler takes "test environment" offline after rumors of a breach
Zscaler says that they discovered an exposed
UK confirms Ministry of Defence payroll data exposed in data breach
The UK Government confirmed today that a threat actor recently breached the country's Ministry of Defence and gained access to part of the Armed Forces payment network.
French hospital CHC-SV refuses to pay LockBit extortion demand
The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom.
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
Okta warns of "unprecedented" credential stuffing attacks on customers
Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. #APT28 #Computer #Credential #Escalation #Exploit #GooseEgg #InfoSec #NSA #Print #Privilege #Security #Spooler #Theft #Windows
MITRE says state hackers breached its network via Ivanti zero-days
The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.
Ransomware payments drop to record low of 28% in Q1 2024
Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show that the trend of victims declining to pay the cybercriminals continues and has now reached a new record low of 28%.
Ivanti warns of critical flaws in its Avalanche MDM solution
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution.
CISA warns of Windows and UnRAR flaws exploited in the wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation.
Microsoft links Raspberry Robin malware to Evil Corp attacks
Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.
Microsoft finds Raspberry Robin worm in hundreds of Windows networks
Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors.