cyber2security blog

Kimsuky hackers use new recon tool to find security gaps
The North Korean Kimsuky hacking group has been observed employing…

Why Telecoms Struggle with SaaS Security
The telecom industry has always been a tantalizing target for…

North Korea’s ScarCruft Deploys RokRAT Malware via LNK File Infection Chains
The North Korean threat actor known as ScarCruft started experimenting…

Get 50% off Malwarebytes Premium + Privacy in this limited-time deal
If you are concerned about the security and privacy of your online…

New Fleckpe Android malware installed 600K times on Google Play
A new Android subscription malware named 'Fleckpe' has been spotted…

Brightline data breach impacts 783K pediatric mental health patients
Pediatric mental health provider Brightline is warning patients…

Google adds passkeys support for passwordless sign-in on all accounts
Google is rolling out support for passkeys for Google Accounts…

Level Finance crypto exchange hacked after two security audits
Hackers exploited a Level Finance smart contract vulnerability…

Police dismantles Try2Check credit card verifier used by dark web markets
The U.S. Department of Justice announced today the indictment…

1Password explains scary Secret Key and password change alerts
1Password says a recent incident that caused customers to receive…

Russian hackers use WinRAR to wipe Ukraine state agency’s data
The Russian 'Sandworm' hacking group has been linked to an attack…

FBI seizes 9 crypto exchanges used to launder ransomware payments
The FBI and Ukrainian police have seized nine cryptocurrency…

Facebook disrupts new NodeStealer information-stealing malware
Facebook discovered a new information-stealing malware distributed…

Researcher hijacks popular Packagist PHP packages to get a job
A researcher hijacked over a dozen Packagist packages—with…

Google will remove secure website indicators in Chrome 117
Google announced today that the lock icon, long thought to be…

Hackers exploit 5-year-old unpatched flaw in TBK DVR devices
Hackers are actively exploiting an unpatched 2018 authentication…

AppSec Making Progress or Spinning Its Wheels?
Software developers and application security specialists estimate…

Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor
The cyberattack campaign, similar to one to spread the Rhadamanthys…

Police operation ‘SpecTor’ arrests 288 dark web drug vendors and buyers
An international law enforcement operation codenamed 'SpecTor'…

How to Spot a ChatGPT Phishing Website
Scammers are leveraging the popularity of ChatGPT in phishing…

Google Chrome Drops Browser Lock Icon
Chrome 117 will retire the lock icon and replace it with a "tune"…

Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks
Build a culture of security so that everyone is on the lookout…

4 Principles for Creating a New Blueprint for Secure Software Development
Improving the security of the software development process is…

Meta Expunges Multiple APT, Cybercrime Groups From Facebook, Instagram
The company has removed three APTs and six potentially criminal…

Hotels at Risk From Bug in Oracle Property Management Software
Oracle's characterization of the vulnerability in its Opera software…

PrivateGPT Tackles Sensitive Info in ChatGPT Prompts
In an effort to curb employees from entering private data into…

Apple Debuts Its Rapid Response Security Update Approach
Smaller fixes deliver quick improvements for iPhones, iPads,…

N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
The North Korean state-sponsored threat actor known as Kimsuky has…

Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts
Third-party apps such as Google Analytics, Meta Pixel, HotJar,…

Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads
A new Android subscription malware named Fleckpe has been unearthed…

‘BellaCiao’ Showcases How Iran’s Threat Groups Are Modernizing Their Malware
The dropper is being used in a Charming Kitten APT campaign that…

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
Users of Advanced Custom Fields plugin for WordPress are being…

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Installs Compromised
PHP software package repository Packagist revealed that an "attacker"…

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
An ongoing phishing campaign with invoice-themed lures is being…

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
An advanced persistent threat (APT) actor known as Dragon Breath has…

New Android Malware ‘FluHorse’ Targeting East Asian Markets with Deceptive Tactics
Various sectors in East Asian markets have been subjected to…


Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN
Italian corporate banking clients are the target of an ongoing…

Western Digital says hackers stole customer data in March cyberattack
Western Digital has taken its store offline and sent customers…

Meet Akira — A new ransomware operation targeting the enterprise
The new Akira ransomware operation has slowly been building a…

Twitter says ‘security incident’ exposed private Circle tweets
Twitter disclosed that a 'security incident' caused private tweets…

New CS:GO map bypasses Russia’s censorship of Ukraine war news
Finish newspaper Helsingin Sanomat has created a custom Counter-Strike:…

Microsoft patches 3 vulnerabilities in Azure API Management
The vulnerabilities comprise url formatting bypasses and an unrestricted…

New PaperCut RCE exploit created that bypasses existing detections
A new proof-of-concept (PoC) exploit for an actively exploited…

The Merck appeal: cyber insurance and the definition of war
Pharmaceutical giant Merck’s won an appeal that might see it…

Top cybersecurity M&A deals for 2023
Uncertainty and instability marked the end of 2022 for many in…

New Cactus ransomware encrypts itself to evade antivirus
The Cactus ransomware operation has been active since at least…

Google launches entry-level cybersecurity certificate to teach threat detection skills
The six-month course requires no prior cybersecurity experience…

Patch manager Action1 to add vulnerability discovery, prioritization
Upcoming features will add new vulnerability management capabilities…

Malware disguised as ChatGPT apps are being used to lure victims, Meta says
Since March, Meta has discovered malware using ChatGPT and other…

Google rolls out passkey support across accounts on all major platforms
Passkeys for Google Accounts are available now while Google Workspace…

Attacks increasingly use malicious HTML email attachments
New research shows that up to a half of all HTML email attachments…

Vanta adds new SaaS capability to address growing concerns over vendor security
Vanta’s new offering aims to help customers streamline third-party…

oneM2M IoT security specifications granted ITU approval
The oneM2M specifications enable secure IoT data exchange and…

Samsung bans staff AI use over data leak concerns
Samsung has reportedly issued a memo prohibiting the use of generative…

11 security tools all remote employees should have
Compromised employee personal devices and accounts can disrupt…

Veza releases access security, governance solution for SaaS applications
Solution secures sensitive data in SaaS apps and integrates with…

MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
The threat actors behind the ransomware attack on Taiwanese PC…

Western Digital Confirms Customer Data Stolen by Hackers in March Breach
Digital storage giant Western Digital confirmed that an "unauthorized…

SideCopy Using Action RAT and AllaKore RAT to infiltrate Indian Organizations
The suspected Pakistan-aligned threat actor known as SideCopy has…