Attackers Use Modified Open-Source Reverse Tunneling Utility to Gain Persistence on Infected Systems
Security experts have spotted an interesting case of a suspected ransomware attack that employed custom-made tools typically used by APT (advanced persistent threat) groups.
Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security in 2021, and the report paints a dire picture.
Websites of some Russian federal agencies were compromised in a supply chain attack on Tuesday after unknown attackers hacked the stats widget used by multiple government agencies to track the number of visitors.
Yaroslav Vasinskyi, a Ukrainian national linked to the Russia-based REvil ransomware group, has been extradited to the U.S. to face charges for his role in carrying out the file-encrypting malware attacks against several companies.
The seven flaws have been dubbed Access:7 and are present in PTC’s Axeda agent, which is used for remote access and management of more than 150 connected devices across over 100 vendors.
Lapsus$, responsible for the recent attack on Nvidia, reportedly released two of the company’s old code-signing certificates, and threat actors have started abusing them. In some cases, the stolen certificates were used to sign Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans. Admins are advised to configure Windows Defender Application Control policies to control […]
The FBI issued an alert about the Ragnar Locker ransomware group, which has so far claimed 52 entities as its victims across 10 critical infrastructure sectors in the U.S. The IOCs in the alert range from Bitcoin addresses where the hackers collect the ransom to the email addresses of operators. The FBI also urges security […]
Researchers exposed cybercriminals distributing the SharkBot banking trojan via Google Play Store. The malware uses Automatic Transfer Systems (ATS) to transfer money by abusing the Accessibility permission on devices, and it grants itself additional required permissions. Smartphone users are advised to be careful with the type of apps they download from various app stores and […]
Siemens has released 15 new advisories to inform customers about more than 100 vulnerabilities affecting its products, including over 90 security flaws introduced by the use of third-party components.
It is an extension of the 2017 Spectre version 2 attack, also known as Spectre-BTI (Branch Target Injection) and, just like Spectre v2, can result in the leak of sensitive information from the privileged kernel memory space.