The script contacts a C&C server and downloads a custom variant of the EggShell backdoor, which installs a user LaunchAgent for persistence, and allows the attacker to record information from the victim’s microphone, camera, and keyboard.
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) warn of ongoing Trickbot attacks, even though multiple security firms dismantled its C2 infrastructure in a joint operation in October.
Researchers from Sucuri recently discovered a tactic, practiced by Magecart groups, to hide malicious activity by saving stolen credit card data into a JPEG file.
Google released a proof-of-concept for the Spectre side-channel vulnerability aimed at web app developers, highlighting the importance of deploying application-level mitigations to stay secure.
Victimizing at least nine organizations across Africa, Europe, Mexico, and the U.S. in the past two weeks, the REvil gang is probably showing off its Gootloader malware loader.
The ransomware gang announced they had breached Acer and shared some images of allegedly stolen files as proof, including financial spreadsheets, bank balances, and bank communications.
According to a report published on March 16 by PrivacySavvy, many travel companies expose users’ data through their booking apps, which could impact up to 105 million users.
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
CISA Hunt and Incident Response Program (CHIRP), the new forensics collection tool, is a Python-based tool that helps detect IOCs associated with SolarWinds malicious activity on Windows operating systems.
A sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants, and financial departments across numerous industries.