Security News

Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme
2024-11-14 17:36

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for...

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack
2024-06-26 04:24

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to...

TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability
2024-06-05 21:45

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Microsoft India’s X account hijacked in Roaring Kitty crypto scam
2024-06-03 22:30

The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill. Microsoft India's X account has a gold check as an officially verified organization on the platform, lending the hijackers' posts more legitimacy.

8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation
2024-02-26 14:10

More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and...

Hijacked subdomains of major brands used in massive spam campaign
2024-02-26 14:00

A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising. "The campaign is called"SubdoMailing, as the threat actors hijack abandoned subdomains and domains belonging to well-known companies to send their malicious emails.

SubdoMailing campaign spams 5 million emails daily via 8k hijacked domains
2024-02-26 14:00

A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising. "The campaign is called"SubdoMailing, as the threat actors hijack abandoned subdomains and domains belonging to well-known companies to send their malicious emails.

Meet VexTrio, a network of 70K hijacked websites crooks use to sling malware, fraud
2024-02-10 03:31

More than 70,000 presumably legit websites have been hijacked and drafted into a network that crooks use to distribute malware, serve phishing pages, and share other dodgy stuff, according to researchers. In the case of VexTrio, tens of thousands of websites are compromised so that their visitors are redirected to pages that serve up malware downloads, show fake login pages to steal credentials, or perform some other fraud or cyber-crime.

SEC Twitter hijacked to push fake news of hotly anticipated Bitcoin ETF approval
2024-01-09 21:48

Breaking The SEC today said its Twitter/X account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing cryptocurrency to spike and then slip in price. In a now-deleted tweet shared in the past hour, the American financial regulator appeared to say: "Today the SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges. The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection."

SEC Twitter hijacked to push fake news of hotly anticipated ETF approval
2024-01-09 21:48

Breaking The SEC today said its Twitter account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing cryptocurrency to spike and then slip in price. In a now-deleted tweet, shared in the past hour, the American financial regulator appeared to say: "Today the SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges. The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection."