An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few […]
Category Archives: Uncategorized
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander “Connor” Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest […]
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to “Android/data,” “Android/obb,” and “Android/sandbox” directories and its sub-directories, Go to […]
The Pakistan-based advanced persistent threat actor has been carrying on a cyber-espionage campaign targeting organizations on the subcontinent for more than a decade, and it’s now using a new and improved “ElizaRAT” malware. Go to Source Author: Jai Vijayan, Contributing Writer
The bug affected accounts with 52-character user names, and had several pre-conditions that needed to be met in order to be exploited. Go to Source Author: Dark Reading Staff
As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate. Go to Source Author: Robert Lemos, Contributing Writer
A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the “defensive potential” for using LLMs to find vulnerabilities in applications before they’re publicly released. Go to Source Author: Elizabeth Montalbano, Contributing Writer
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. Go to Source Author: John Klossner, Cartoonist
Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. “Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including Go […]
The true measure of our cybersecurity prowess lies in our capacity to endure. Go to Source Author: John Paul Cunningham