Month: February 2025

A new ransomware attack by DragonForce has targeted organizations in Saudi Arabia. The attack, which affected a prominent Riyadh-based real estate and construction firm, resulted in the exfiltration of over 6TB of sensitive data. According to a new advisory by Resecurity, threat actors first announced the breach on February 14, 2025, demanding ransom before publishing
Feb 27, 2025 | Ravie Lakshmanan | Malware / Threat Intelligence
A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country’s National Taxation Bureau. The campaign, detected last month by Fortinet FortiGuard Labs, marks a departure from previous attack chains that have leveraged malicious game-related applications.
A growing reliance on APIs has fueled security concerns, with nearly all organizations (99%) reporting API-related security issues in the past year. According to the Q1 2025 State of API Security Report by Salt Security, the rapid expansion of API ecosystems—driven by cloud migration, platform integration and data monetization—is outpacing security measures and exposing organizations
In 2024, cyber-criminals launched attacks within 48 hours of discovering a vulnerability, with 61% of hackers using new exploit code in this short timeframe. Companies faced an average of 68 days of critical cyber-attacks, while ransomware remained the most significant threat. The healthcare industry was particularly affected, with ransomware responsible for 95% of all
Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that’s capable of infecting both Windows and Apple systems with an aim to
A critical security vulnerability in Essential Addons for Elementor has been identified, potentially impacting over two million WordPress websites. The flaw, a reflected cross-site scripting (XSS) vulnerability, was discovered due to insufficient validation of the popup-selector query argument, allowing malicious scripts to be executed. The issue, tracked with CVE-2025-24752, was first uncovered by Patchstack Alliance researcher
Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here’s how to fight back
Phil Muncaster, 11 Feb 2025, 4 min. read
Artificial intelligence (AI) is transforming our world in ways both expected and unforeseen. For consumers, the technology means more accurately personalized digital content, better
Feb 24, 2025 | Ravie Lakshmanan | Endpoint Security / Vulnerability
Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR Stealer. The AhnLab Security Intelligence Center (ASEC) said it has observed a spike in the distribution volume of ACR Stealer since January 2025.
Netherlands-based threat intelligence firm Prodaft revealed on February 20 that internal chatlogs from the BlackBasta ransomware gang have been leaked online. BlackBasta is a ransomware strain that was first detected in April 2022. Early on, cyber threat intelligence experts assessed that the members of the group behind the ransomware were associated with other top-tier ransomware
WeLiveScience
As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?
10 Feb 2025
In his talk, Neil Lawrence, the DeepMind Professor of Machine Learning at the University of Cambridge, tackles the aforementioned fundamental question head-on. With a career
Feb 22, 2025 | Ravie Lakshmanan | Disinformation / Artificial Intelligence
OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool. The social media listening tool is said to likely originate from China and is powered by one of Meta’s Llama models, with the
California-based Health Net Federal Services (HNFS), a subsidiary of St Louis-based Centene Corporation, has reached an agreement to pay $11,253,400 to resolve allegations of false cybersecurity compliance certifications. According to the US Department of Justice (DoJ), the false cybersecurity certifications were used to comply with requirements in a US Department of Defense (DoD) contract to
Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential victim is distracted by the possibility of getting a job? Since early 2024, ESET researchers have observed a series of malicious North Korea-aligned activities,
Feb 22, 2025 | Ravie Lakshmanan | Financial Crime / Cryptocurrency
Cryptocurrency exchange Bybit on Friday revealed that a “sophisticated” attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history. “The incident occurred when our ETH multisig cold wallet
Chinese state-sponsored hackers, Salt Typhoon, used the JumbledPath utility in their attacks against US telecommunication providers to stealthily monitor network traffic and potentially steal sensitive data, a new Cisco report revealed. In the report published by Cisco Talos on February 20, the researchers confirmed Salt Typhoon gained access to core networking infrastructure through Cisco devices
A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims’ crypto wallets and steals their login details from web browsers and password managers
20 Feb 2025
ESET researchers have observed a malicious campaign where North Korea-aligned threat actors, posing as headhunters, target freelance software developers with info-stealing malware. The activities – named DeceptiveDevelopment
Feb 21, 2025 | Ravie Lakshmanan | Data Protection / Encryption
Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that users’ trusted devices
A new malware campaign targeting freelance developers has been using deceptive job advertisements to trick them into downloading malicious software disguised as legitimate tools. The campaign primarily spreads through GitHub repositories and relies on freelancers’ eagerness to secure remote work opportunities. The attackers pose as reputable companies, offering freelance developers attractive job opportunities. To make
Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima, PurpleBravo, and Tenacious Pungsan. The
Feb 19, 2025 | Ravie Lakshmanan | Mobile Security / Cyber Espionage
Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. “The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app’s legitimate ‘linked devices’
Two significant security vulnerabilities in networking utility OpenSSH have been uncovered by security researchers. These flaws, identified as CVE-2025-26465 and CVE-2025-26466, pose risks of man-in-the-middle (MitM) and denial-of-service (DoS) attacks. The vulnerabilities, reported by the Qualys Security Advisory team, have prompted the release of OpenSSH 9.9p2, which addresses these issues.
Details of the Vulnerabilities
CVE-2025-26465:
WeLiveScience
The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action
17 Feb 2025
Most people acknowledge that climate change is real and human-driven, yet many still struggle to see how it directly affects their lives. To bridge this gap, Dr. Katharine Hayhoe introduces a simple but powerful
Feb 18, 2025 | Ravie Lakshmanan | Vulnerability / Network Security
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below – CVE-2025-26465
A pro-Russia hacker group, NoName057(16), has launched a wave of DDoS (distributed denial-of-service) attacks targeting key Italian organizations. Early on Monday, the group disrupted the websites of major airports in Milan, including Linate and Malpensa, as well as the Transport Authority, the Intesa San Paolo bank and the ports of Taranto and Trieste. The attacks were