WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting.

The South China Athletic Association (SCAA) was rocked by a cyberattack as unauthorized third parties breached the organization’s computer servers, sparking concerns over the security of member data.

The Department of Transportation (DOT) will review data collection practices for the country’s 10 largest airlines in a bid to improve passenger privacy protections, Secretary Pete Buttigieg said on Thursday.

Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions.

In documents filed with U.S. regulators, the company explained that on March 14 it detected “the initial stages of a cybersecurity incident related to its Canadian operations.”

According to Broadcom, the campaign distributes malicious APK packages and seeks out banking information, SMS messages, and other sensitive information from a victim’s device.

Security researchers have warned of a slew of fake obituaries designed to make money for their creators by redirecting visitors to adult entertainment sites and initiating antivirus (AV) popups.

The malware injects JavaScript to perform unwanted redirects by using sophisticated obfuscation techniques, including time-based randomization and XOR encoding, to evade detection.

Worryingly, the social engineering scammers are likely operating with little more than a cheap email list of self-employed US residents, according to the latest advisory from Malwarebytes Labs.

Curious Serpens has been active since at least 2013. This threat actor is associated with espionage and has targeted organizations in the Middle East, the United States, and Europe.