Security News

The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on...

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN...

North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD techniques. Avast reports that Lazarus exploited CVE-2024-21338 to create a read/write kernel primitive in an updated version of its FudModule rootkit, which ESET first documented in late 2022.

An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, and defense industries in the Middle East, including...

Japan's Computer Security Incident Response Team is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. PyPI is a repository of open-source software packages that software developers can utilize in their Python projects to add additional functionality to their programs with minimal effort.

Suspected Chinese state-sponsored hackers leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated "a nuanced understanding of the appliance", according to Mandiant incident responders and threat hunters. "While the limited attempts observed to maintain persistence have not been successful to date due to a lack of logic in the malware's code to account for an encryption key mismatch, it further demonstrates the lengths UNC5325 will go to maintain access to priority targets and highlights the importance of ensuring network appliances have the latest updates and patches," Mandiant's specialists noted.

Russian military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. APT28 is a notorious Russian hacking group found to be responsible for several high-profile cyber attacks since they first began operating.

Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. Search engine crawlers index the redirects and list them on Google Search results, making them an effective strategy for SEO poisoning campaigns, leveraging a trusted domain to rank malicious URLs higher for specific queries.

Members of the Five Eyes intelligence alliance warned today that APT29 Russian Foreign Intelligence Service hackers are now switching to attacks targeting their victims' cloud services. The Russian cyberspies also compromised Microsoft 365 accounts belonging to various entities within NATO nations to obtain foreign policy-related data and targeted governments, embassies, and senior officials throughout Europe associated in a string of phishing attacks.

A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named...