-
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say…
-
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations. Read More
-
Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure. Read More
-
The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. Read More
-
The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers. Read More
-
The suit alleges the Chinese retailer’s app secretly accesses and harvests users’ sensitive information without their knowledge or consent. Read More
-
In September, a new breed of malware distributed via compromised Node Package Manager (npm) packages made headlines. It was dubbed “Shai-Hulud”, and we published an in-depth analysis of it in another post. Recently, a new version was discovered. Shai Hulud 2.0 is a type of two-stage worm-like malware that spreads by compromising npm tokens to…
-
New Fooder loader and memory-only tactics suggest MuddyWater has evolved from its usual noisy ops to more stealthy espionage operations. Read More
-
When prompts were presented in poetic rather than prose form, attack success rates increased from 8% to 43%, on average — a fivefold increase. Read More