Security News

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts
2024-06-25 03:32

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected...

Four FIN9 hackers indicted for cyberattacks causing $71M in losses
2024-06-24 17:35

Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S. The defendants, identified as Ta Van Tai, Nguyen Viet Quoc, Nguyen Trang Xuyen, and Nguyen Van Truong, carried out their cybercrimes from May 2018 until October 2021, stealing both data and funds directly from U.S. organizations. "The FIN9 defendants were prolific international hackers who, for years, allegedly used phishing campaigns, supply chain attacks and other hacking methods to steal millions from their victims," states U.S. Attorney Philip R. Sellinger.

CoinStats says North Korean hackers breached 1,590 crypto wallets
2024-06-24 14:56

CoinStats suffered a massive security breach that compromised 1,590 cryptocurrency wallets, with the attack suspected to have been carried out by North Korean threat actors. For users who want to use the portfolio management features, the platform requires read-only access to connected external crypto wallets, which were not affected by the breach.

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
2024-06-21 13:42

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle...

UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs
2024-06-20 17:46

A suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing them to conduct credential theft, command execution, and lateral movement. A new report by Mandiant unveils UNC3886's use of the mentioned rootkits on virtual machines for long-term persistence and evasion, as well as custom malware tools such as 'Mopsled' and 'Riflespine,' which leveraged GitHub and Google Drive for command and control.

Hackers use F5 BIG-IP malware to stealthily steal data for years
2024-06-17 17:37

A group of suspected Chinese cyberespionage actors named 'Velvet Ant' are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data. Using the compromised F5 BIG-IP devices, the threat actors could stealthily steal sensitive customer and financial information from the company for three years without being detected.

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices
2024-06-17 11:59

A suspected China-nexus cyber espionage actor has been identified as being behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the...

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor
2024-06-17 06:28

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage...

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain
2024-06-16 04:31

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested...

Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks
2024-06-15 08:13

A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under...