A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. “The ATM malware is hidden inside another not-malicious-looking program,” Latin American cybersecurity... Read more »

This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of its free SaaS-Shadow IT discovery solution. Cloud-based companies were invited... Read more »

A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation.... Read more »

The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. “Unlike most... Read more »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. “After gaining access to victims’ networks, Royal actors... Read more »

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. “The attacker exploited a containerized workload and then leveraged it to perform privilege... Read more »

As a primary working interface, the browser plays a significant role in today’s corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal... Read more »

A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified... Read more »

Misconfigured Redis database servers are the target of a novel cryptojacking campaign that leverages a legitimate and open source command-line file transfer service to implement its attack. “Underpinning this... Read more »