A new BYOI technique lets attackers bypass SentinelOne EDR, disable protection, and deploy Babuk ransomware by exploiting the agent upgrade process. Aon’s Stroz Friedberg discovered a new “Bring Your... Read more »

Resecurity found a new smishing kit called ‘Panda Shop,’ mimicking Smishing Triad tactics with improved features and new templates. Resecurity (USA) was the first company to identify the Smishing... Read more »

Kelly Benefits has determined that the impact of the recently disclosed data breach is much bigger than initially believed. Benefits and payroll solutions firm Kelly & Associates Insurance Group,... Read more »

A hacker stole data from TeleMessage, exposing messages from its modified Signal, WhatsApp, and other apps sold to the U.S. government. A hacker stole customer data from TeleMessage, an... Read more »

MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. Recorded Future researchers observed MintsLoader delivering payloads like GhostWeaver via obfuscated... Read more »

Supply chain attack via 21 backdoored Magento extensions hit 500–1,000 e-stores, including a $40B multinational. Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack,... Read more »

A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. for 1,500 attacks on Microsoft Exchange servers. U.S. authorities have indicted Rami Khaled Ahmed (aka “Black... Read more »

Researchers found 3 malicious Go modules with hidden code that can download payloads to wipe a Linux system’s main disk, making it unbootable. The malicious modules contain obfuscated code... Read more »

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape io_uring Is Back, This Time as a Rootkit   I StealC... Read more »