Security News

Filter by:

PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks

A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims' digital wallets.
The Hacker News 8 Apr 2025 9015 Views

Carding tool abusing WooCommerce API downloaded 34K times on PyPI

A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. [...]
Bleepingcomputer 6 Apr 2025 1752 Views

WinRAR flaw bypasses Windows Mark of the Web security alerts

A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. [...]
Bleepingcomputer 5 Apr 2025 1175 Views

Gootloader Malware Resurfaces in Google Ads for Legal Docs

Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising.
Dark Reading 2 Apr 2025 8943 Views

Google makes end-to-end encrypted Gmail easy for all – even Outlook users

The UK government must be thrilled Google will soon offer end-to-end encrypted (E2EE) email for all users, even those who do not use Google Workspace, and says it'll do so without imposing any undue stress on IT admins....
The Register 1 Apr 2025 5377 Views

Hackers abuse WordPress MU-Plugins to hide malicious code

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...]
Bleepingcomputer 1 Apr 2025 1530 Views

Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks

A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). [...]
Bleepingcomputer 1 Apr 2025 1438 Views

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. "RESURGE contains capabilities...
The Hacker News 30 Mar 2025 10262 Views

Oracle customers confirm data stolen in alleged cloud breach is valid

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. [...]
Bleepingcomputer 27 Mar 2025 1813 Views

Browser-in-the-Browser attacks target CS2 players' Steam accounts

A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page. [...]
Bleepingcomputer 25 Mar 2025 1442 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY