A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw “could allow an attacker to exploit a race condition within GitHub’s repository creation and username renaming operations,” Checkmarx…
Category: The Hacker News
Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper
A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and OriginBotnet, to gather a wide range of information from compromised Windows machines. “A phishing email delivers the Word…
Chinese Redfly Group Compromised a Nation’s Critical Grid in 6-Month ShadowPad Campaign
A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. “The attackers managed to steal…
7 Steps to Kickstart Your SaaS Security Program
SaaS applications are the backbone of modern businesses, constituting a staggering 70% of total software usage. Applications like Box, Google Workplace, and Microsoft 365 are integral to daily operations. This widespread adoption has transformed them into potential breeding grounds for…
Beware: MetaStealer Malware Targets Apple macOS in Recent Attacks
A new information stealer malware called MetaStealer has set its sights on Apple macOS, making the latest in a growing list of stealer families focused on the operating system after Stealer, Pureland, Atomic Stealer, and Realst. “Threat actors are proactively targeting macOS businesses by…
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild – Update Now
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer…
Charming Kitten’s New Backdoor ‘Sponsor’ Targets Brazil, Israel, and U.A.E.
The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. Slovak cybersecurity firm is tracking the cluster under the…
Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a “swarm of fake and hijacked personal accounts” with the ultimate goal of taking over the targets’ accounts. “Originating yet again from a Vietnamese-based group,…
Charming Kiten’s New Backdoor ‘Sponsor’ Targets Brazil, Israel, and U.A.E.
The Iranian threat actor known as Charming Kiten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. Slovak cybersecurity firm is tracking the cluster under the…
How to Prevent API Breaches: A Guide to Robust Security
With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren’t familiar with the term, APIs allow applications to communicate with each other and they play a…