A phishing campaign is impersonating well-known brands like KFC, Red Bull, and Ferrari to compromise Facebook login details. Malicious emails lead targets to a fake job posting site where they are prompted to enter their credentials.
CISA has flagged a critical vulnerability in the Windows SMB client that is actively being exploited, allowing attackers to gain elevated privileges on affected systems. Organizations are urged to patch immediately to prevent potential compromises.
Jewett-Cameron Company, an Oregon-based provider of fencing and pet solutions, experienced a cyberattack that led to the theft of sensitive information and disruption of business operations. The company reported that hackers deployed encryption software and threatened to release stolen data unless a ransom is paid.
The latest version of Vidar Stealer, known as Vidar 2.0, employs advanced memory injection techniques to bypass browser encryption and steal login credentials. This update marks a significant evolution in its capabilities, allowing it to efficiently extract sensitive information from multiple browsers.
Russian state-backed hacking group Coldriver has introduced three new malware strains, NOROBOT, YESROBOT, and MAYBEROBOT, following the exposure of their previous tool, LostKeys. These new tools are designed to evade detection and target high-value data.
Amazon's recent AWS outage has highlighted significant vulnerabilities in the automotive manufacturing sector's reliance on cloud infrastructure. The incident, which lasted 15 hours, raised urgent questions about digital resilience and the potential economic impact on production systems that depend heavily on cloud services.
Yahoo outlines its use of cookies and personal data across its family of brands, including AOL and Engadget. Users are informed about their options for managing privacy settings and consent regarding data usage.
_imresizer.jpg)
A new strain of Rust-based malware, dubbed ChaosBot, exploits the Discord platform for its Command and Control operations, embedding malicious activity behind legitimate traffic. Its advanced evasion capabilities pose significant challenges for defenders.
A large-scale intrusion campaign, tracked as REF3927, is exploiting misconfigured Microsoft IIS servers that reuse publicly exposed ASP.NET machine keys. Attackers are deploying malicious modules and webshells to gain control over affected systems.
Cybercriminals are exploiting Microsoft 365's Direct Send feature to bypass security filters and conduct phishing campaigns. This legitimate feature, designed for enterprise convenience, has become a vector for business email compromise attacks, prompting security researchers to raise alarms.
Cybercriminals are evolving their email phishing tactics, utilizing legacy methods combined with advanced techniques to evade security measures. New strategies include the use of QR codes, password-protected attachments, and multi-stage verification chains to compromise victims.
A newly uncovered attack campaign, dubbed Jingle Thief, is targeting global retailers' gift card systems using phishing and smishing techniques. The attackers, believed to be based in Morocco, operate entirely in cloud environments without deploying traditional malware.
Researchers at Koi Security have identified a new cyber threat named GlassWorm that spreads through infected Visual Studio Code extensions. Utilizing invisible Unicode characters, this worm evades detection and employs the Solana blockchain for command-and-control operations.
CISA has identified a critical SSRF vulnerability in Oracle E-Business Suite, urging US government organizations to apply patches by November 10. Despite the urgency, Oracle has not confirmed active exploitation of the vulnerability, CVE-2025-61884.
%20(1).webp)
A recent investigation revealed a critical loophole in Azure applications that allowed hackers to create malicious apps using reserved Microsoft names. This vulnerability enabled attackers to gain unauthorized access and escalate privileges within Microsoft 365 environments, posing significant risks to organizations.
