A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year.

Trend Micro found PlugX RAT masquerading as an open-source Windows debugger tool, dubbed x32dbg, with an aim to evade security controls and gain control over the target system. Attackers use DLL side-loading to execute malicious code via the DLLs of the debugger tool, allowing attackers to bypass security restrictions and escalate privileges.

The experts have yet to determine the initial attack vector, they reported that FiXS utilizes an external keyboard (similar to Ploutus). It instructs the ATM to dispense money 30 minutes after the last ATM reboot.

An opposition-linked Polish mayor had his phone hacked using Pegasus spyware, Gazeta Wyborcza daily reported on Friday, amid allegations that the country’s special services have used the technology against government opponents.

During the analysis of Wago PLCs, a researcher discovered several vulnerabilities in the web-based management interface designed for administering, commissioning and updating devices.

In many cases, the attackers managed to obtain highly secure auto-generated FTP credentials and used them to hijack the victim websites to redirect visitors to adult-themed content.

The Mapped I/O side-channel vulnerabilities were initially disclosed by Intel on June 14th, 2022, warning that the flaws could allow processes running in a virtual machine to access data from another virtual machine.

Southeastern Louisiana University suffered a week-long outage of its website, email, or system for submitting assignments after a “potential incident” last week caused the university to shut down its network.

The FBI and the CISA released a joint Cybersecurity Advisory to provide organizations, tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with this ransomware family.