Researchers have linked DoNot Team, a threat actor believed to be of Indian origin, to a .NET-based backdoor called Firebird. The backdoor has been used to target victims in Pakistan and Afghanistan.
Researchers suspect that Meta was either tricked into providing access to the threat actor or the threat actor obtained credentials for a legitimate law enforcement account.
QNAP urges customers to implement security measures such as changing default access port numbers, using strong passwords, and updating firmware to protect against future attacks.
Proofpoint researchers have discovered a new version of the Grandoreiro malware that is targeting victims in both Mexico and Spain. This is unusual as the malware has historically only targeted Portuguese and Spanish speakers in Brazil and Mexico.
A potential data breach in Philadelphia’s email system may have exposed protected health information, including names, addresses, birth dates, Social Security numbers, medical information, and some financial information.
Quasar RAT, an open-source remote access trojan also known as CinaRAT or Yggdrasil, has been spotted leveraging a new Microsoft file as part of its DLL sideloading process to stealthily drop malicious payloads on compromised Windows systems. Once the Quasar RAT payload is executed in the computer’s memory, it further employs the process hollowing technique […]
The personal information of D.C. voters, including partial Social Security numbers and driver’s license numbers, may have been exposed in a data breach affecting the Board of Elections’ voter roll.
The attack chain involves renaming legitimate files, injecting malicious code, and leveraging DLL sideloading to ultimately deploy the Quasar RAT payload, highlighting the sophistication of the attack.
A recent report from WithSecure has highlighted a surge in DarkGate malware infection attempts. Multiple Vietnamese threat groups have been found to deploy info-stealer campaigns using Malware-as-a-Service (MaaS), homing in on specific sectors or groups. Their modus operandi displays notable similarities, with recurring themes in lures and delivery methods.
The cyberattack caused outages in the company’s phone service, building connectivity, and online services, impacting customers’ ability to pay bills and file claims online.