hackers

A user of the OKX cryptocurrency exchange lost more than $2 million worth of crypto assets due to a personal data leak. Hackers changed the security settings in his account, posing as a victim using a deepfake. The victim, named Lai Fang Chang, shared details of the incident with crypto...

Urgently check your Docker settings to stop a possible attack. A group of cybercriminals, Commando Cat, continues a financially motivated cryptojacking campaign aimed at incorrectly configured Docker instances. Named after the use of the Commando project to create containers, the grouping was...

The long-running campaign showed how cyber espionage is conducted at the state level. Sophos specialists have identified a complex and long-term cyber espionage operation by Chinese state hackers aimed at maintaining constant access to the network of a government organization in Southeast Asia...

How to protect yourself and your software from the tricks of cyber bandits? A malicious package designed to distribute the information theft program Lumma (also known as LummaC2) was discovered in the Python Package Index (PyPI) repository. This is a package called "crytic-compilers", which is...

Why do the owners of a vulnerable platform persistently refuse to fix the error found? The Cybernews research team discovered a data leak of customers using popular Turkish food delivery services. The incident is related to the company Paketle Lojistik Hizmetleri, which is engaged in routing...

How does a cyberattack affect a strategically important company for the whole world? The BianLian group claimed responsibility for the attack on the mining company Northern Minerals, as a result of which part of the data was published on the darknet. The company said in a statement that the...

Which country is behind the British Columbia email hack? Hackers allegedly backed by the state broke into the government systems of British Columbia in Canada. The hack affected 22 mailboxes containing confidential information about 19 people. The attack was announced on June 5 by the Minister...

Fix CVE-2024-21683 before criminals get to your network as well. The SonicWall discovered a vulnerability in the Atlassian Confluence Data Center and Server that leads to remote code execution. The vulnerability was identified as CVE-2024-21683 and has a high CVSS score of 8.3 out of 10, which...

CISA calls on government agencies to urgently update vulnerable systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Oracle WebLogic Server to its catalog of Known Exploited Vulnerabilities (KEV). This is done on the basis of available...

Researchers have discovered a way in which hackers can use devices as a hacking tool. A series of vulnerabilities in Cox Communications modems could be a starting point for attackers who want to gain unauthorized access to devices and execute malicious commands. Sam Curry, a security researcher...

Numerous data security breaches were identified years later. As a result of leaks and data security issues that occurred at Google over the past six years, personal data of users, including children, was affected. According to an internal database of the company obtained by journalists of the...

How the development of AI led to the compromise of the secrets of Spaces. Hugging Face last week discovered unauthorized access to the Spaces platform, designed to create, share and host AI models and resources. The Hugging Face blog reported that the hack is related to Spaces secrets, that...

The NSA has issued guidelines for the safe use of mobile devices. The US National Security Agency (NSA) recommends that iPhone and Android users regularly reboot their devices to protect against attacks such as zero clicks. This simple tip can help you protect yourself from hackers who can...

Cyberbandies massively introduce backdoors into the files of plugins and design themes. Cybersecurity researchers have warned that several serious vulnerabilities in WordPress plugins are being actively exploited by attackers to create fake admin accounts. "These vulnerabilities are found in...

CVE-2024-3094 has finally been fixed in version 5.6.2. Exactly two months ago, cyberspace was shaken by the release of an urgent warning regarding malicious code in XZ Utils, which turned out to be a backdoor added by an attacker under the pseudonym Jia Tan. Presumably, a Chinese hacker, or...

What do you need to know about a new actively exploited vulnerability? Check Point reported that attackers have been actively exploiting a critical vulnerability in the Check Point VPN remote access system since the end of April, which allows them to steal Active Directory data for further...

SlashNext has released a study showing that attackers use generative artificial intelligence technologies to prepare and implement phishing attacks and distribute malware. They use OpenAI's ChatGPT and WormGPT cybercrime tool. The latter is based on the GPTJ language model, which was...

Microsoft has blocked 13 code signing certificates. They were used by Chinese hackers and developers to sign and load malicious Kernel-Mode Drivers into compromised systems using the FuckCertVerify and HookSignTool tools. Certificate offers on websites The tools have been around since 2018...

There is only this space, completely familiar, in which there are no surprises. It is fully lit, every inch is under supervision. But beyond the perimeter there is such impenetrable darkness that you can’t see anything even a meter away. And hands reach out from this darkness. Armed hands. With...

I recently came across the channel of Ivan Novikov (D0znpp), CEO of Wallarm, who writes his episodes without editing and almost every day (about life in America, Y Combinator, sales and investments), and I discovered a lot of useful information there. I decided to share a couple of issues “about...