Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
By:
Feb 22, 2023Ravie LakshmananOpen Source / Supply Chain Attack
In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in...
Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data
By:
Feb 23, 2023Ravie LakshmananCyber Threat / Data Security
A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious...
New Hacking Cluster ‘Clasiopa’ Targeting Materials Research Organizations in Asia
By:
Feb 23, 2023Ravie LakshmananMalware / Threat Intel
Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools.
Symantec, by Broadcom...
PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks
By:
Feb 27, 2023Ravie LakshmananMalware / Cyber Attack
The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to...
Massive HTTP DDoS Attack Hits Record High of 71 Million Requests/Second
By:
Feb 14, 2023Ravie Lakshmanan
Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service (DDoS) attack that peaked at over 71 million requests per second...
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad
By:
Feb 14, 2023Ravie LakshmananCyber Threat Intelligence
Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America.
The tech giant's Security...
Chinese Tonto Team Hackers’ Second Attempt to Target Cybersecurity Firm Group-IB Fails
By:
Feb 13, 2023Ravie LakshmananCyber Threat Intelligence
The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022.
The Singapore-headquartered...
New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
By:
Feb 11, 2023Ravie LakshmananRansomware / Endpoint Security
After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the...
Reddit Suffers Security Breach Exposing Internal Documents and Source Code
By:
Feb 10, 2023Ravie LakshmananData Breach / Source Code
Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat...
Researchers Uncover Obfuscated Malicious Code in PyPI Python Packages
By:
Feb 10, 2023Ravie LakshmananSupply Chain / Software Security
Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions,...
