China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say…

State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations. ​ ​ ​Read More

Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure. ​ ​ ​Read More

The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. ​ ​ ​Read More

The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers. ​ ​ ​Read More

The suit alleges the Chinese retailer’s app secretly accesses and harvests users’ sensitive information without their knowledge or consent. ​ ​ ​Read More

In September, a new breed of malware distributed via compromised Node Package Manager (npm) packages made headlines. It was dubbed “Shai-Hulud”, and we published an in-depth analysis of it in another post. Recently, a new version was discovered. Shai Hulud 2.0 is a type of two-stage worm-like malware that spreads by compromising npm tokens to…

Post Content ​ ​ ​Read More

New Fooder loader and memory-only tactics suggest MuddyWater has evolved from its usual noisy ops to more stealthy espionage operations. ​ ​ ​Read More

When prompts were presented in poetic rather than prose form, attack success rates increased from 8% to 43%, on average — a fivefold increase. ​ ​ ​Read More