The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province […]
Category Archives: Uncategorized
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. […]
A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies. The 33-year-old, Xu Zewei, has been charged with nine counts of wire fraud and conspiracy to cause damage to and obtain […]
For the first time in 2025, Microsoft’s Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these 10 […]
Following a breach at the country’s top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements. Go to Source Author: Robert Lemos, Contributing Writer
Some 17 of the bugs are at high risk for exploits, including multiple remote code execution bugs in Office and SharePoint. Go to Source Author: Jai Vijayan, Contributing Writer
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens. Go to Source Author: Alexander Culafi
The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers. Go to Source Author: Kristina Beek
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize […]
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app marketplace. The malware, disguised as a “PDF Update” to a document viewer app, has been caught serving a deceptive overlay when users attempt to access […]