A supply chain attack targeting key components of the Ethereum development ecosystem has affected the Nomic Foundation and Hardhat platforms. The attackers infiltrated the ecosystem using malicious npm packages, exfiltrating sensitive data such as private keys, mnemonics and configuration files. Attack Details and Methodology This attack, discovered by Socket, involves the distribution of 20 malicious
admin
Jan 06, 2025Ravie LakshmananRegulatory Compliance / Data Privacy The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. “Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent,” India’s Press Information Bureau (PIB) said in a statement released Sunday.
The co-founder and former CEO of a cryptocurrency business has been extradited to the US to face fraud charges. South Korean national Do Hyeong Kwon, 33, appeared in a Manhattan court on Thursday after being extradited from Montenegro on Tuesday. Between 2018 and 2022, he is accused of defrauding investors in Terraform cryptocurrencies, resulting in
Jan 04, 2025Ravie LakshmananMalware / VPN Security Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google’s Managed Defense team, shares functional overlaps with a known remote administration tool referred to
Atos Group has refuted a recent claim by ransomware group Space Bears that the firm’s database had been compromised by the threat actors. In a statement issued on January 3, the French IT giant said that the allegations made by Space Bears were unfounded. “No infrastructure managed by Atos was breached, no source code accessed,
Jan 04, 2025Ravie LakshmananVulnerability / Software Security A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It
The US government has issued sanctions against a China-based cybersecurity company for its involvement in a large-scale botnet targeting American organizations, including critical infrastructure. Beijing-based Integrity Technology Group has been accused of playing a role in multiple computer intrusion incidents that have been attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has
Jan 03, 2025Ravie LakshmananMachine Learning / Vulnerability Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model’s (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit
A groundbreaking malware disinfection campaign targetingthe PlugX worm has been executed with the collaboration of international authorities. Led by the Sekoia Threat Detection & Research team, the operation disinfected compromised systems across multiple countries. The PlugX worm, often linked toMustang Panda, can spread through infected flash drives, making it highly pervasive. After gaining control of
Jan 02, 2025Ravie LakshmananVulnerability / Data Protection Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform’s OData
Interpol has claimed success with a new online operation designed to uncover human trafficking victims and facilitators operating in South America and Europe. The policing group teamed up with inter-governmental body the Organization for Security and Co-operation in Europe (OSCE), in response to a growing and concerning trend. Victims are lured by fake or deceptive
Jan 01, 2025Ravie LakshmananWeb Security / Vulnerability Threat hunters have disclosed a new “widespread timing-based vulnerability class” that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. “Instead of relying on a single click, it takes advantage
A series of high-profile compromises targeting popular open source packages have been uncovered, exposing the growing risk of malicious code infiltration in widely used software tools. Threat actors implanted cryptomining malware in packages associated with rspack, a JavaScript bundler, and vant, a Vue UI library for mobile web apps. Together, these tools see hundreds of
Dec 31, 2024Ravie LakshmananData Security / Privacy The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens’ personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. “This final rule is
More than two-thirds (69%) of UK small and medium enterprises (SMEs) lack a cybersecurity policy, according to figures from specialist insurance firm Markel Direct. The research identified a significant lack of basic cybersecurity measures and hygiene in place across these companies. This included 43% admitting that their employees are not trained on best practices and
Dec 30, 2025Ravie LakshmananCybersecurity / Compliance The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients’ data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of
A series of critical vulnerabilities affecting the widely used WPLMS and VibeBP plugins for WordPress have been identified by security researchers. These plugins are essential components of the WPLMS premium LMS theme, which counts over 28,000 sales. They are primarily used for creating online courses, managing students and selling educational content. The vulnerabilities, now patched,
Dec 29, 2025Ravie LakshmananEndpoint Protection / Browser Security A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used
Security researchers have urged customer-facing businesses to improve their verification checks after discovering a large-scale identity farming operation on the dark web. The unnamed underground group compiled a large collection of identity documents and corresponding facial images in a bid to trick Know Your Customer (KYC) verification checks, according to IProov’s Biometric Threat Intelligence service.
Dec 28, 2024Ravie LakshmananVulnerability / Threat Intelligence A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36. The severity
The past year marked a year of “growth and transition” for the US Cybersecurity and Infrastructure Security Agency (CISA), according to its departing Director, Jen Easterly. In the foreword of the Agency’s 2024 Year in Review, Easterly’s final report before she steps down in January, she highlighted how CISA has focused on “working collaboratively to
Dec 27, 2024Ravie LakshmananCryptocurrency / Cyber Espionage North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for
The Lumma Stealer infostealer malware is increasingly sought after by cybercriminals, according to cybersecurity firm ESET which reported a 369% surge in detections in its telemetry in the second half of 2024. Lumma Stealer first appeared in the wild in 2022, eventually appearing on the list of top ten infostealers detected by ESET products in
Dec 26, 2024Ravie LakshmananCybercrime / Ransomware A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company’s network in March 2020. Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers
A controversial Israeli spyware maker has been found liable for the compromise of hundreds of WhatsApp users, in a historic US court ruling. Judge Phyllis Hamilton said on Friday that NSO Group broke state and federal laws and WhatsApp’s terms of service, by using zero-day exploits in the popular messaging tool to deploy its Pegasus
Dec 25, 2024Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. “These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices,” Claroty researchers Noam Moshe and Tomer
US and Japanese authorities have attributed a major cryptocurrency heist worth $308m to North Korean hackers. An alert from the FBI, Department of Defense Cyber Crime Center and National Police Agency of Japan said the May 2024 theft from Japan-based crypto firm DMM was carried out by a North Korean threat group tracked as TraderTraitor,
Dec 24, 2024Ravie LakshmananMalware / Data Exfiltration Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads
Around 5.6 million individuals have had their sensitive personal, medical and financial information breached as a result of a ransomware attack on US healthcare giant Ascension. The company shared the extent of the data breach in a filing to the Office of the Maine Attorney General on December 19. Following an investigation, Ascension discovered that
Dec 23, 2024Ravie LakshmananMachine Learning / Threat Analysis Cybersecurity researchers have found that it’s possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. “Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or