The Google Play Store, the primary hub for Android app downloads, has once again become a playground for cybercriminals. Despite Google’s ongoing security efforts, malicious apps continue to infiltrate the platform by evolving their tactics to bypass detection. A recent report from Bitdefender, shared with Hackread.com, has identified a large-scale fraud campaign involving at least […]
A newly revealed Windows vulnerability has been exploited by at least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China since 2017, according to security researchers at Trend Micro’s Zero Day Initiative (ZDI). Despite the widespread exploitation, Microsoft decided in late September that the flaw “does not meet the bar for servicing,” choosing […]
Issues Persist Into Monday, Causing Frustration for Users Microsoft has attributed this past weekend’s widespread Outlook outage to a “problematic code change,” leaving thousands of users unable to access their email accounts. The disruption began around 2100 UTC on Saturday, with more than 30,000 users reporting issues via DownDetector. While Microsoft claims services have since […]
Hackers Leverage Privilege Escalation Flaw in Paragon Partition Manager A zero-day vulnerability in a Microsoft-signed driver from Paragon Software is being actively exploited in ransomware attacks, according to a recent security advisory from CERT Coordination Center (CERT/CC). Researchers discovered five vulnerabilities in the BioNTdrv.sys driver used by Paragon Partition Manager, a tool designed to optimize […]
Attackers Use Typosquatting to Target Developers, Particularly in Finance Cybersecurity researchers have uncovered an ongoing supply chain attack targeting the Go ecosystem, where typosquatted modules are being used to distribute loader malware on Linux and macOS systems. According to Kirill Boychenko, a researcher at Socket, at least seven malicious Go packages have been identified, with […]
Stolen Data Includes Social Security Numbers, Financial Details, and IDs A major data breach at DISA Global Solutions, a U.S.-based employee screening company, has compromised the personal information of over 3.3 million individuals, including more than 360,000 residents in Massachusetts. In a notice posted on April 22, 2024, DISA confirmed it was the victim of […]
Cybersecurity researchers have identified a new tactic used by the Rhadamanthys Infostealer to spread malware, leveraging Microsoft Management Console (MMC) files with the MSC extension. This latest discovery, confirmed by the AhnLab Security Intelligence Center (ASEC), highlights an evolving threat where attackers misuse legitimate administrative tools for malicious purposes. Methods of Exploitation The Rhadamanthys Infostealer […]
Dream, an AI-driven cybersecurity company specializing in national and critical infrastructure protection, has announced the successful closure of a $100 million Series B funding round. Led by Bain Capital Ventures, this latest investment values the company at $1.1 billion. Additional investors include Group 11, Tru Arrow, Tau Capital, and Aleph. The funding will support Dream’s […]
Security researchers warn of ongoing exploitation of a critical vulnerability in SonicWall’s SonicOS. Key Findings: Ongoing Exploitation and Threat Landscape SonicWall initially patched CVE-2024-53704 after researchers from Computest Security disclosed the flaw. At the time of the patch release, the company stated it had no evidence of active exploitation. However, subsequent findings suggest otherwise. Researchers […]
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning of recent ransomware activity by the group known as Ghost, also referred to as Cring. According to the advisory released on Wednesday, the group has been actively exploiting vulnerabilities in software and firmware as recently as January. Operating from China, […]