The PyPI repository is home to a number of malicious Python packages that have been found to steal sensitive data like AWS credentials and…
General
General
Chinese hackers are disseminating an SMS bomber tool that contains malware
As part of a recently revealed effort, a threat cluster connected to the hacking organisation Tropic Trooper has been seen employing previously unknown malware…
General
VMware servers are still being compromised via Log4Shell exploits
Today, CISA issued a warning about threat actors continuing utilising the Log4Shell (CVE-2021-44228) remote code execution vulnerability to attack VMware Horizon and Unified Access…
General
Hacker exploits a zero-day vulnerability in Mitel VoIP
A ransomware attack against an unnamed target used Mitel VoIP equipment as an entry point to execute the code remotely and access the environment. …
General
A serious PHP bug makes QNAP NAS equipment vulnerable to RCE attacks.
Customers of QNAP have been informed today that certain Network Attached Storage (NAS) devices (with non-default configurations) are susceptible to attacks that would take…
General
Mega says it can’t decrypt your files. New PoC exploit shows otherwise
Mega’s encryption system has been found to have serious weaknesses that allow services to view your data. Mega, a cloud storage service with 250…
General
NSO admits to the EU committee that Pegasus has been misused by 5 E.U countries
The infamous Israeli surveillance ware vendor NSO Group accepted that five countries used its Pegasus tool. The acceptance was in response to a question…
General
Researchers claim SmartTub site flaws could disclose Jacuzzi consumers data
According to a security researcher, flaws in the online interface of Jacuzzi’s SmartTub app could have allowed an attacker to view and perhaps change…
General
Avos ransomware organisation increases its attack capabilities
We recently noticed a month-long AvosLocker promotion during a client engagement. Cobalt Strike, Sliver, and various commercial network scanners were among the tools used…
General
Magecraft campaign sheds light on the scale of the ongoing campaign
A Magecart skimming campaign, recently discovered, was traced back to an earlier attack in November 2021. Two malware domains have been tracked for hosting…