Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday.
Hackers have been observed using steganography to target hundreds of organizations in Latin America with infostealers, remote access trojans (RAT), and more.
The campaign, dubbed SteganoArmor, was discovered by researchers from Positive Technologies.
Cisco’s Talos security team is warning of a large-scale credential compromise campaign that’s indiscriminately assailing networks with login attempts aimed at gaining unauthorized access to VPN, SSH, and web application accounts.
Streaming TV service provider Roku activated two-factor authentication (2FA) for all its 80 million users after hackers compromised 576,000 accounts in a credential stuffing attack.
It is the second credential stuffing incident the company has disclosed this year, although it said “sensitive” customer information — including full credit card numbers — was not stolen in either attack. The first breach, affecting more than 15,000 accounts, was disclosed last month.
Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday.
Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that may have been targeted by mercenary spyware attacks.
The company sent the alerts to individuals in 92 nations at 12pm Pacific Time Wednesday. It did not disclose the attackers’ identities or the countries where users received notifications.
AT&T is notifying millions of current or former customers that their account data has been compromised and published last month on the dark web. Just how many millions, the company isn't saying.
Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday.
In the world of cybersecurity, the market for zero-day exploits is booming, with prices skyrocketing for hacks targeting popular devices and software. Crowdfense, a startup specializing in acquiring and reselling zero-day vulnerabilities, recently unveiled its latest pricing list, revealing staggering sums for exploits targeting iPhones, iMessage, and more.
Google on Tuesday announced a new Chrome update that resolves another zero-day vulnerability demonstrated at the Pwn2Own hacking contest in March.
Tracked as CVE-2024-3159, the high-severity bug is described as an out-of-bounds memory access issue in the V8 JavaScript and WebAssembly engine. The flaw was exploited at Pwn2Own Vancouver 2024 by Edouard Bochin and Tao Yan from Palo Alto Networks, who received a $42,500 bug bounty reward for their finding.
