Internet Security

Operation Triangulation: previously undetected malware targets iOS devices

June 2, 2023 add comment
A previously undocumented APT group targets iOS devices with zero-click exploits as part of a long-running campaign dubbed Operation Triangulation. Researchers from the Russian firm Kaspersky have uncovered a previously... Read more »

California-based workforce platform Prosperix leaks drivers licenses and medical records

June 1, 2023 add comment
Prosperix leaked nearly 250,000 files. The breach exposed job seekers’ sensitive data, including home addresses and phone numbers. Prosperix, formally Crowdstaffing, calls itself a “workforce innovation” company that develops... Read more »

Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware

June 1, 2023 add comment
Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. The malicious module is distributed as a marketing SDK that developers... Read more »

BlackCat claims the hack of the Casepoint legal technology platform used by US agencies

June 1, 2023 add comment
The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used US agencies, including SEC and FBI. The cybersecurity researcher Dominic Alvieri first noticed that the... Read more »

Widespread exploitation by botnet operators of Zyxel firewall flaw

June 1, 2023 add comment
Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability,... Read more »

Experts warn of backdoor-like behavior within Gigabyte systems

May 31, 2023 add comment
Researchers discovered a suspected backdoor-like behavior within Gigabyte systems that exposes devices to compromise. Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. The... Read more »

Threat actors are exploiting Barracuda Email Security Gateway bug since October 2022

May 31, 2023 add comment
Recently disclosed zero-day flaw in Barracusa Email Security Gateway (ESG) appliances had been actively exploited by attackers since October 2022. The network security solutions provider Barracuda recently warned customers... Read more »

Swiss real estate agency Neho fails to put a password on its systems

May 31, 2023 add comment
A misconfiguration of Swiss real estate agency Neho’s systems exposed sensitive credentials to the public. Neho, a Switzerland-based real estate agency, leaked credentials recently, potentially allowing threat actors to... Read more »

Microsoft found a new bug that allows bypassing SIP root restrictions in macOS

May 31, 2023 add comment
Apple fixed a vulnerability discovered by Microsoft researchers that lets attackers with root privileges bypass System Integrity Protection (SIP). Researchers from Microsoft discovered a vulnerability, tracked as CVE-2023-32369 and dubbed... Read more »

PyPI enforces 2FA authentication to prevent maintainers’ account takeover

May 30, 2023 add comment
PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating... Read more »
Subscribe to our Newsletter