Security News
A weak password exposed by infostealer malware is being blamed after a massive outage at Orange Spain disrupted around half of its network's traffic. The malware had infected the account of an Orange Spain employee.
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even...
Mobile banking is outpacing online banking across all age groups due to its convenience and our desire to have those apps at our fingertips, according to Zimperium. The research uncovered that 29 malware families targeted 1,800 banking applications across 61 countries last year.
Security researchers say info-stealing malware can still access victims' compromised Google accounts even after passwords have been changed. A zero-day exploit of Google account security was first teased by a cybercriminal known as "PRISMA" in October 2023, boasting that the technique could be used to log back into a victim's account even after the password is changed.
A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. The disclosure comes from cybersecurity...
Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset. These cookies would allow the cybercriminals to gain unauthorized access to Google accounts even after the legitimate owners have logged out, reset their passwords, or their session has expired.
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as...
Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. “The observed threat actor...
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. As developer Michael Mayhem told BleepingComputer, the compromised package is the prepackaged standalone modified version of the original game and not a mod installed via Steam Workshop.
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. As developer Michael Mayhem told BleepingComputer, the compromised package is the prepackaged standalone modified version of the original game and not a mod installed via Steam Workshop.