BTS fans are the target of a massive crypto scam on Twitter. For a little more than two weeks, cryptocurrency-related posts started appearing on timelines of BTS fans, also known as ARMY.

Attackers are exploiting the Google App Script domain—script.google.com—to evade Content Security Policy (CSP) controls and malware scan engines.

Vietnam-linked Ocean Lotus was found involved in a cyberespionage campaign on the country’s human rights defenders and a nonprofit organization that continued for roughly three years.

Contact details, birth dates, addresses, and partial bank account numbers are among the details believed stolen. But the affected accounts had been locked, Npower told the BBC.

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.

Cisco Talos recently discovered an out-of-bounds read vulnerability in Slic3r’s library. An adversary could send a target a specially crafted obj file to cause an out-of-bounds condition.

US Senators slammed Amazon Web Services for refusing to testify at a hearing about the SolarWinds intrusion given the public cloud giant’s infrastructure was used in the attack.

After a security researcher published the PoC exploit code targeting a critical vCenter RCE vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers.

Worryingly, more than nine in 10 (93%) of those organizations that experienced attacks in this period admitted that at least one was successful, according to a new study by Bridewell Consulting.

A variant of Masslogger Trojan is being used by criminals to steal Microsoft Outlook, Google Chrome, and Messenger account credentials.