Security News

Security researchers have discovered a vulnerability in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection's security by truncating the extension negotiation message. Terrapin is a prefix truncation attack targeting the SSH protocol.

American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions. In response to the detected unauthorized access on its network, the company shut down some of its systems and brought in external experts to help contain the attack.

The Kraft Heinz Company says its systems are all up and running as usual as it probes claims that some of its data was stolen by ransomware crooks. Kraft Heinz, which owns a ton of food and beverage brands including Oscar Meyer, Kool-Aid, Jell-O, Maxwell House, and Grey Poupon, declined to answer our specific questions about the Snatch extortion gang's boasts that it had compromised the manufacturer and obtained internal information.

A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the...

A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications...

Ledger is warnings users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs. Ledger is a hardware wallet that lets users buy, manage, and securely store their digital assets offline, supporting multiple cryptocurrencies, including Bitcoin and Ethereum. The company offers a library called the "Ledger dApps Connect Kit" that allows web3 apps to connect to Ledger hardware wallets.

Threat actors affiliated with the Russian Foreign Intelligence Service (SVR) have targeted unpatched JetBrains TeamCity servers in widespread attacks since September 2023. The activity has been...

A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least...

A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate. BazarCall, first documented in 2021, is a phishing attack utilizing an email resembling a payment notification or subscription confirmation to security software, computer support, streaming platforms, and other well-known brands.

Ukraine's biggest telecom operator Kyivstar has become the victim of a cyber attack, disrupting customer access to mobile and internet services. "The cyberattack on Ukraine's #Kyivstar telecoms...