In a series of coordinated cyberattacks, state-backed hackers have been exploiting critical zero-day vulnerabilities in Ivanti Connect Secure, a widely used VPN appliance. The vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have put numerous organizations at
Researchers have uncovered critical vulnerabilities in the POST SMTP Mailer WordPress plugin, which potentially puts over 150,000 websites at risk of takeover by malicious actors. The vulnerabilities were first reported by cybersecurity researchers Ulyses Saicha and Sean Murphy as part of
In a troubling development in cybersecurity, multiple information-stealing malware families have been found exploiting an undocumented Google OAuth endpoint, identified as "MultiLogin," to regenerate expired authentication cookies. This discovery, initially made by a developer named PRISMA in
McAfee's Mobile Research Team has uncovered a sophisticated Android backdoor, dubbed “Xamalicious”, that has compromised an estimated 338,300 devices worldwide. The malicious software, developed using Xamarin — an open-source framework for building Android and iOS apps with .NET and C# –- has been
Europol and ENISA (European Union Agency for Cybersecurity), national law enforcement from 17 countries, and private sector allies have uncovered a massive digital skimming campaign affecting 443 online merchants. Digital skimming, a form of cyberattack, involves stealing credit card information
Android users have something to worry about this holiday season, as a new variant of the Chameleon banking trojan has been identified. Concerningly, it’s capable of bypassing any biometric security measures to steal PINs and passwords. According to ThreatFabric, which first reported the malware, it
A novel attack technique known as SMTP Smuggling has been discovered, allowing hackers to bypass traditional email authentication protocols and send spoofed emails from trusted domains. This technique, uncovered by Timo Longin, a senior security consultant at SEC Consult, exploits vulnerabilities
The OLVX Marketplace, identified by ZeroFox researchers, is a new and growing underground market that offers a wide array of tools for helping threat actors succeed in online fraud and cyberattacks. This rise in cybercrime activity is especially concerning as it coincides with the busiest shopping
Leading cybersecurity research firm ESET has recently discovered 18 Android loan apps which are scamming users, now known as the "SpyLoan" scandal. These apps, which have been downloaded over 12 million times from Google Play, have been deceiving users with the promise of quick and easy financial
A security vulnerability named “AutoSpill” poses a threat to Android users who rely on password managers. It has been identified by researchers at the International Institute of Information Technology (IIIT) in Hyderabad, India. The vulnerability, presented at the Black Hat Europe security