Latest Cyber News

admin@338 - admin@338 is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs ...
1 year ago Attack.mitre.org
Ajax Security Team - Ajax Security Team is a group that has been active since at least 2010 and believed to be operating out of Iran. By 2014 Ajax Security Team transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US ...
1 year ago Attack.mitre.org
ALLANITE - ALLANITE is a suspected Russian cyber espionage group that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar to Dragonfly, although ALLANITEs ...
1 year ago Attack.mitre.org
Andariel - Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel has primarily focused its operations--which have included destructive attacks--against South Korean government agencies, military ...
1 year ago Attack.mitre.org
Aoqin Dragon - Aoqin Dragon is a suspected Chinese cyber espionage threat group that has been active since at least 2013. Aoqin Dragon has primarily targeted government, education, and telecommunication organizations in Australia, Cambodia, Hong Kong, Singapore, ...
1 year ago Attack.mitre.org
APT-C-36 - APT-C-36 is a suspected South American espionage group that has been active since at least 2018. The group mainly targets Colombian government institutions as well as important corporations in the financial sector, petroleum industry, and professional ...
1 year ago Attack.mitre.org
APT1 - APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. ...
1 year ago Attack.mitre.org
APT12 - APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, high-tech companies, and multiple governments. ...
1 year ago Attack.mitre.org
APT16 - APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. ...
1 year ago Attack.mitre.org
APT17 - APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. ...
1 year ago Attack.mitre.org
APT18 - APT18 is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical. ...
1 year ago Attack.mitre.org
APT19 - APT19 is a China-based threat group that has targeted a variety of industries, including defense, finance, energy, pharmaceutical, telecommunications, high tech, education, manufacturing, and legal services. In 2017, a phishing campaign was used to ...
1 year ago Attack.mitre.org
APT28 - APT28 is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165. This group has been active since at least 2004. APT28 reportedly compromised ...
1 year ago Attack.mitre.org
APT29 - APT29 is a threat group that has been attributed to Russia's Foreign Intelligence Service (SVR). They have operated since at least 2008, often targeting government networks in Europe and NATO member countries, research institutes, and think tanks. ...
1 year ago Attack.mitre.org
APT3 - APT3 is a China-based threat group that researchers have attributed to China's Ministry of State Security. This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap. As of ...
1 year ago Attack.mitre.org
APT30 - APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches. ...
1 year ago Attack.mitre.org
APT32 - APT32 is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, dissidents, and journalists with a strong focus on Southeast Asian ...
1 year ago Attack.mitre.org
APT33 - APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the ...
1 year ago Attack.mitre.org
APT37 - APT37 is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts ...
1 year ago Attack.mitre.org
APT38 - APT38 is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau. Active since at least 2014, APT38 has targeted banks, financial institutions, casinos, ...
1 year ago Attack.mitre.org
APT39 - APT39 is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since at least 2014. APT39 has primarily targeted the travel, ...
1 year ago Attack.mitre.org
APT41 - APT41 is a threat group that researchers have assessed as a Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, APT41 has been observed targeting healthcare, telecom, technology, and ...
1 year ago Attack.mitre.org
Aquatic Panda - Aquatic Panda is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, Aquatic Panda has primarily targeted entities in the telecommunications, technology, and ...
1 year ago Attack.mitre.org
Axiom - Axiom is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government, manufacturing, and media sectors since at least 2008. Some reporting suggests a degree of overlap between Axiom and Winnti Group but the two ...
1 year ago Attack.mitre.org
BackdoorDiplomacy - BackdoorDiplomacy is a cyber espionage threat group that has been active since at least 2017. BackdoorDiplomacy has targeted Ministries of Foreign Affairs and telecommunication companies in Africa, Europe, the Middle East, and Asia. ...
1 year ago Attack.mitre.org
BITTER - BITTER is a suspected South Asian cyber espionage threat group that has been active since at least 2013. BITTER has primarily targeted government, energy, and engineering organizations in Pakistan, China, Bangladesh, and Saudi Arabia. ...
1 year ago Attack.mitre.org
BlackOasis - BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United Nations, as well as opposition bloggers, activists, regional news correspondents, and think ...
1 year ago Attack.mitre.org
BlackTech - BlackTech is a suspected Chinese cyber espionage group that has primarily targeted organizations in East Asia--particularly Taiwan, Japan, and Hong Kong--and the US since at least 2013. BlackTech has used a combination of custom malware, dual-use ...
1 year ago Attack.mitre.org
Blue Mockingbird - Blue Mockingbird is a cluster of observed activity involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. The earliest observed Blue Mockingbird tools were created in December 2019. ...
1 year ago Attack.mitre.org
Bouncing Golf - Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries. ...
1 year ago Attack.mitre.org
BRONZE BUTLER - BRONZE BUTLER is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in government, biotechnology, electronics manufacturing, and ...
1 year ago Attack.mitre.org
Carbanak - Carbanak is a cybercriminal group that has used Carbanak malware to target financial institutions since at least 2013. Carbanak may be linked to groups tracked separately as Cobalt Group and FIN7 that have also used Carbanak malware. ...
1 year ago Attack.mitre.org
Chimera - Chimera is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline industry. ...
1 year ago Attack.mitre.org
Cleaver - Cleaver is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889). ...
1 year ago Attack.mitre.org
Cobalt Group - Cobalt Group is a financially motivated threat group that has primarily targeted financial institutions since at least 2016. The group has conducted intrusions to steal money via targeting ATM systems, card processing, payment systems and SWIFT ...
1 year ago Attack.mitre.org
Confucius - Confucius is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers have noted similarities between ...
1 year ago Attack.mitre.org
CopyKittens - CopyKittens is an Iranian cyber espionage group that has been operating since at least 2013. It has targeted countries including Israel, Saudi Arabia, Turkey, the U.S., Jordan, and Germany. The group is responsible for the campaign known as Operation ...
1 year ago Attack.mitre.org
CURIUM - CURIUM is an Iranian threat group first reported in November 2021 that has invested in building a relationship with potential targets via social media over a period of months to establish trust and confidence before sending malware. Security ...
1 year ago Attack.mitre.org
Dark Caracal - Dark Caracal is a threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. ...
1 year ago Attack.mitre.org
Darkhotel - Darkhotel is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and ...
1 year ago Attack.mitre.org
DarkHydrus - DarkHydrus is a threat group that has targeted government agencies and educational institutions in the Middle East since at least 2016. The group heavily leverages open-source tools and custom payloads for carrying out attacks. ...
1 year ago Attack.mitre.org
DarkVishnya - DarkVishnya is a financially motivated threat actor targeting financial institutions in Eastern Europe. In 2017-2018 the group attacked at least 8 banks in this region. ...
1 year ago Attack.mitre.org
Deep Panda - Deep Panda is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications. The intrusion into healthcare company Anthem has been attributed to Deep Panda. This group is also ...
1 year ago Attack.mitre.org
Dragonfly - Dragonfly is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16. Active since at least 2010, Dragonfly has targeted defense and aviation companies, government entities, companies related to ...
1 year ago Attack.mitre.org
DragonOK - DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. It is ...
1 year ago Attack.mitre.org
Earth Lusca - Earth Lusca is a suspected China-based cyber espionage group that has been active since at least April 2019. Earth Lusca has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the ...
1 year ago Attack.mitre.org
Elderwood - Elderwood is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009 Google intrusion known as Operation Aurora. The group has targeted defense organizations, supply chain manufacturers, human rights and ...
1 year ago Attack.mitre.org
Ember Bear - Ember Bear is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021. Ember Bear has primarily focused their operations against Ukraine and Georgia, but has also targeted Western European and North ...
1 year ago Attack.mitre.org
Equation - Equation is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. ...
1 year ago Attack.mitre.org
Evilnum - Evilnum is a financially motivated threat group that has been active since at least 2018. ...
1 year ago Attack.mitre.org
EXOTIC LILY - EXOTIC LILY is a financially motivated group that has been closely linked with Wizard Spider and the deployment of ransomware including Conti and Diavol. EXOTIC LILY may be acting as an initial access broker for other malicious actors, and has ...
1 year ago Attack.mitre.org
Ferocious Kitten - Ferocious Kitten is a threat group that has primarily targeted Persian-speaking individuals in Iran since at least 2015. ...
1 year ago Attack.mitre.org
FIN10 - FIN10 is a financially motivated threat group that has targeted organizations in North America from at least 2013 through 2016. The group uses stolen data exfiltrated from victims to extort organizations. ...
1 year ago Attack.mitre.org
FIN13 - FIN13 is a financially motivated cyber threat group that has targeted the financial, retail, and hospitality industries in Mexico and Latin America, as early as 2016. FIN13 achieves its objectives by stealing intellectual property, financial data, ...
1 year ago Attack.mitre.org
FIN4 - FIN4 is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthcare and pharmaceutical companies, since at least 2013. FIN4 is unique in that they do not ...
1 year ago Attack.mitre.org
FIN5 - FIN5 is a financially motivated threat group that has targeted personally identifiable information and payment card information. The group has been active since at least 2008 and has targeted the restaurant, gaming, and hotel industries. The group is ...
1 year ago Attack.mitre.org
FIN6 - FIN6 is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point of sale (PoS) systems in the hospitality and retail sectors. ...
1 year ago Attack.mitre.org
FIN7 - FIN7 is a financially-motivated threat group that has been active since 2013. FIN7 has primarily targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media, food and beverage, ...
1 year ago Attack.mitre.org
FIN8 - FIN8 is a financially motivated threat group that has been active since at least January 2016, and known for targeting organizations in the hospitality, retail, entertainment, insurance, technology, chemical, and financial sectors. In June 2021, ...
1 year ago Attack.mitre.org
Fox Kitten - Fox Kitten is a threat actor with a suspected nexus to the Iranian government that has been active since at least 2017 against entities in the Middle East, North Africa, Europe, Australia, and North America. Fox Kitten has targeted multiple industrial ...
1 year ago Attack.mitre.org
GALLIUM - GALLIUM is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the ...
1 year ago Attack.mitre.org
Gallmaker - Gallmaker is a cyberespionage group that has targeted victims in the Middle East and has been active since at least December 2017. The group has mainly targeted victims in the defense, military, and government sectors. ...
1 year ago Attack.mitre.org
Gamaredon Group - Gamaredon Group is a suspected Russian cyber espionage threat group that has targeted military, NGO, judiciary, law enforcement, and non-profit organizations in Ukraine since at least 2013. The name Gamaredon Group comes from a misspelling of the ...
1 year ago Attack.mitre.org
GCMAN - GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. ...
1 year ago Attack.mitre.org
GOLD SOUTHFIELD - GOLD SOUTHFIELD is a financially motivated threat group active since at least 2018 that operates the REvil Ransomware-as-a-Service (RaaS). GOLD SOUTHFIELD provides backend infrastructure for affiliates recruited on underground forums to perpetrate ...
1 year ago Attack.mitre.org
Gorgon Group - Gorgon Group is a threat group consisting of members who are suspected to be Pakistan-based or have other connections to Pakistan. The group has performed a mix of criminal and targeted attacks, including campaigns against government organizations in ...
1 year ago Attack.mitre.org
Group5 - Group5 is a threat group with a suspected Iranian nexus, though this attribution is not definite. The group has targeted individuals connected to the Syrian opposition via spearphishing and watering holes, normally using Syrian and Iranian themes. ...
1 year ago Attack.mitre.org
HAFNIUM - HAFNIUM is a likely state-sponsored cyber espionage group operating out of China that has been active since at least January 2021. HAFNIUM primarily targets entities in the US across a number of industry sectors, including infectious disease ...
1 year ago Attack.mitre.org
HEXANE - HEXANE is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been located in the Middle East and Africa, including ...
1 year ago Attack.mitre.org
Higaisa - Higaisa is a threat group suspected to have South Korean origins. Higaisa has targeted government, public, and trade organizations in North Korea; however, they have also carried out attacks in China, Japan, Russia, Poland, and other nations. Higaisa ...
1 year ago Attack.mitre.org
Inception - Inception is a cyber espionage group active since at least 2014. The group has targeted multiple industries and governmental entities primarily in Russia, but has also been active in the United States and throughout Europe, Asia, Africa, and the ...
1 year ago Attack.mitre.org
IndigoZebra - IndigoZebra is a suspected Chinese cyber espionage group that has been targeting Central Asian governments since at least 2014. ...
1 year ago Attack.mitre.org
Indrik Spider - Indrik Spider is a Russia-based cybercriminal group that has been active since at least 2014. Indrik Spider initially started with the Dridex banking Trojan, and then by 2017 they began running ransomware operations using BitPaymer, WastedLocker, and ...
1 year ago Attack.mitre.org
Ke3chang - Ke3chang is a threat group attributed to actors operating out of China. Ke3chang has targeted oil, government, diplomatic, military, and NGOs in Central and South America, the Caribbean, Europe, and North America since at least 2010. ...
1 year ago Attack.mitre.org
Kimsuky - Kimsuky is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially focused on targeting South Korean government entities, think tanks, and individuals identified as experts in various fields, and ...
1 year ago Attack.mitre.org

Trending Cyber News (last 7 days)

Sophisticated Phishing Attacks Targeting Decision-Makers Including CEOs and CTOs - Security experts at Hackmosphere noted that the results show the critical risks for organizations: 24% of CEOs clicked malicious links in test emails, compared to just 6% of CTOs, emphasizing discrepancies in threat perception among leadership ...
19 hours ago Cybersecuritynews.com
X now blocks Signal contact links, flags them as malicious - According to BleepingComputer's tests and other users' reports, attempts to post Signal.me links via public posts, direct messages, or profile bios receive error messages citing spam or malware risks. Social media platform X (formerly Twitter) is ...
3 days ago Bleepingcomputer.com
Hackers Abusing Microsoft Teams Meeting Invites to Trick Victims and Gain Access - In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks. These emails prompt recipients to authenticate using the ...
4 days ago Cybersecuritynews.com
Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number - According to Gokuleswaran, a Cyber Security Analyst, the vulnerability allowed unauthorized users to access private KYC records by exploiting a flaw in the portal’s URL structure. This breach exemplifies how IDOR vulnerabilities can lead to ...
3 days ago Cybersecuritynews.com
Pennsylvania utility says MOVEit breach at vendor exposed some customer data | The Record from Recorded Future News - PPL Electric Utilities said in an emailed statement that the vendor notified it in June 2023 of a breach through a widespread bug in the MOVEit file transfer software, which affected hundreds of organizations and exposed the data of tens of millions ...
6 days ago Therecord.media
Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication - Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The threat ...
3 days ago Cybersecuritynews.com
New Go-Based Malware Exploits Telegram and Uses It as a C2 Channel - Researchers have identified a new backdoor malware, written in the Go programming language, that leverages Telegram as its command-and-control (C2) channel. Netskope Advanced Threat Protection proactively detects this threat under the identifier ...
5 days ago Cybersecuritynews.com
PurpleLab - A Free Cybersecurity Lab for Security Teams To Analyse Cyber Threats - PurpleLab is a cybersecurity lab that integrates various tools and technologies to support analysts in testing detection rules and simulating real-world cyber threats. In a significant step forward for cybersecurity professionals, PurpleLab offers an ...
4 days ago Cybersecuritynews.com
New Android Security Feature that Blocks Changing Sensitive Settings During Calls - A common tactic involves guiding victims over the phone to enable sideloading or accessibility permissions, which allow malicious apps to bypass safeguards and gain control of the device. This feature, currently live in the beta version, prevents ...
3 days ago Cybersecuritynews.com
Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry - Threat actors have been utilizing a modified version of the SharpHide tool to create hidden registry values, significantly complicating detection and deletion efforts. [+] SharpDelete by Andrew Petrus - Tool to delete hidden registry values ...
4 days ago Cybersecuritynews.com
Beware of Fake Outlook Troubleshooting Calls That End Up in Ransomware Deployment - A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. To protect yourself from fake Outlook troubleshooting scams, always verify the caller’s identity, as legitimate ...
4 days ago Cybersecuritynews.com
Hidden Malware in WordPress Websites Allows Attackers to Execute Malicious Code Remotely - A sophisticated malware campaign has recently been uncovered by security researchers at Sucuri, targeting WordPress websites through hidden malware and backdoors in the mu-plugins directory. This campaign shows the importance of continuous WordPress ...
3 days ago Cybersecuritynews.com
RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems - With RansomHub actively exploiting zero-day vulnerabilities and recruiting displaced ALPHV/LockBit affiliates, organizations must strengthen endpoint security and ensure backup isolation to prevent potential attacks. RansomHub ransomware group ...
3 days ago Cybersecuritynews.com
CVE-2025-0822 - Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of ...
5 days ago Tenable.com
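The CVE-2025-0822 entry above describes the classic shape of a path traversal: a file identifier from the request is joined onto a directory and read. The following is an added example, not the Bit Assist plugin's code, showing the vulnerable pattern beside a version that confines the resolved path to the upload directory. The directory layout, the `42.pdf` file and the `wp-config.php` content are constructed in a temporary directory purely for illustration.

```python
"""Added example (not the plugin's code): path traversal through a file identifier,
and the containment check that closes it. All paths below are constructed."""
import tempfile
from pathlib import Path


def make_sandbox():
    """Constructed layout: <root>/uploads/42.pdf plus a sensitive file one level up."""
    root = Path(tempfile.mkdtemp())
    uploads = root / "uploads"
    uploads.mkdir()
    (uploads / "42.pdf").write_text("invoice")
    (root / "wp-config.php").write_text("define('DB_PASSWORD', 'secret');")
    return root, uploads


def read_upload_vulnerable(uploads: Path, file_id: str) -> str:
    # The identifier is joined straight onto the directory, so "../wp-config.php"
    # (or an absolute path) walks out of it. This is the bug class, reproduced on purpose.
    return (uploads / file_id).read_text()


def read_upload_fixed(uploads: Path, file_id: str) -> str:
    """Resolve the final path (following symlinks) and require that the upload
    directory is one of its ancestors. A stricter option, where ids are numeric,
    is to reject anything that is not digits before touching the filesystem."""
    base = uploads.resolve()
    target = (base / file_id).resolve()
    if base not in target.parents:  # also rejects the base directory itself
        raise PermissionError("fileID resolves outside the uploads directory")
    return target.read_text()


if __name__ == "__main__":
    _, uploads = make_sandbox()
    print(read_upload_vulnerable(uploads, "../wp-config.php"))  # leaks the config
    try:
        read_upload_fixed(uploads, "../wp-config.php")
    except PermissionError as err:
        print("blocked:", err)
    print(read_upload_fixed(uploads, "42.pdf"))
```

The containment check uses the resolved path rather than string inspection, so encoded dots, redundant separators and symlinks are all judged by where the path actually lands.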
CVE-2024-13500 - The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 ...
5 days ago Tenable.com
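CVE-2024-13500 above is an injection through the `orderby` parameter, a spot where bound parameters cannot help because a column name is an identifier, not a value. The following is an added example, not the WP Project Manager code, showing why: the vulnerable query concatenates the parameter, and an attacker turns the sort order itself into a yes/no oracle. The advisory describes a time-based variant; SQLite has no SLEEP(), so this example reads the answer from which row order comes back, which is the same blind-injection idea. The `tasks` table and its rows are constructed for illustration.

```python
"""Added example (not the plugin's code): blind SQL injection via ORDER BY, and the
allow-list fix. Table, rows and column names are constructed for illustration."""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tasks (id INTEGER PRIMARY KEY, title TEXT, priority INTEGER)")
    conn.executemany("INSERT INTO tasks (title, priority) VALUES (?, ?)",
                     [("write report", 2), ("patch plugin", 1), ("review logs", 3)])
    return conn


def list_tasks_vulnerable(conn, orderby: str):
    """The sort column is concatenated into the statement (the bug, kept on purpose)."""
    return conn.execute(f"SELECT id, title FROM tasks ORDER BY {orderby}").fetchall()


def oracle(conn, condition: str) -> bool:
    """Attacker side: ask the database a boolean question through ORDER BY and read the
    answer from the row order. True -> sorted by title (ids 2,3,1); False -> by priority."""
    rows = list_tasks_vulnerable(conn, f"(CASE WHEN ({condition}) THEN title ELSE priority END)")
    return [r[0] for r in rows] == [2, 3, 1]


# Fix: map the request value onto a fixed identifier; the user string never reaches SQL.
ALLOWED_ORDER = {"id": "id", "title": "title", "priority": "priority"}


def list_tasks_fixed(conn, orderby: str, direction: str = "ASC"):
    column = ALLOWED_ORDER.get(orderby, "id")
    direction = "DESC" if direction.upper() == "DESC" else "ASC"
    return conn.execute(f"SELECT id, title FROM tasks ORDER BY {column} {direction}").fetchall()


if __name__ == "__main__":
    db = make_db()
    print("version starts with 3:", oracle(db, "substr(sqlite_version(),1,1)='3'"))
    print("fixed:", list_tasks_fixed(db, "(CASE WHEN 1=1 THEN title ELSE priority END)"))
```

In MySQL the same CASE expression would wrap SLEEP() to make the answer visible as latency, which is the time-based form the advisory names; the defence is identical, since no identifier reaches the query text except through the allow-list.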
CVE-2024-13439 - The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated ...
5 days ago Tenable.com
CVE-2025-26793 - The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial ...
5 days ago Tenable.com
Meta Paid Out $2.3 Million to Researchers via Bug Bounty Program - This initiative, which began in 2011, has now surpassed $20 million in total payouts, underscoring Meta’s dedication to collaborating with the global security research community to enhance platform safety and integrity. Meta’s bug bounty ...
4 days ago Cybersecuritynews.com
CISA Warns of Apple iOS Vulnerability Exploited in Wild - The flaw, an authorization bypass in Apple’s USB Restricted Mode, enables attackers with physical access to disable security protections on locked devices, potentially exposing sensitive data. CVE-2025-24200, cataloged under CWE-863 (Incorrect ...
3 days ago Cybersecuritynews.com
Fintech giant Finastra notifies victims of October data breach - While Finastra has yet to share the number of individuals affected by the data breach and the nature of the exposed data (besides victims' names), the company started sending breach notification letters last week to at least 65 people in the state ...
3 days ago Bleepingcomputer.com
Microsoft reminds admins to prepare for WSUS driver sync deprecation - Introduced as Software Update Services (SUS) in 2005, almost two decades ago, WSUS enables IT admins to manage and distribute updates for Microsoft products across enterprise networks with large numbers of Windows devices from a single server instead ...
2 days ago Bleepingcomputer.com
Venture capital giant Insight Partners hit by cyberattack - After discovering the breach, Insight Partners notified law enforcement in relevant jurisdictions and hired third-party cybersecurity experts to investigate its impact. "We are working diligently to determine the scope of the incident with the ...
2 days ago Bleepingcomputer.com
Microsoft: Hackers steal emails in device code phishing attacks - "The invitations lure the user into completing a device code authentication request emulating the experience of the messaging service, which provides Storm-2372 initial access to victim accounts and enables Graph API data collection activities, such ...
5 days ago Bleepingcomputer.com
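The three items above (the Storm-2372 Teams invites, the Volexity report on Russian actors, and Microsoft's write-up) all describe the same abuse of the OAuth device code flow: the victim completes a legitimate sign-in, and the token lands with the attacker who started the flow. The usable detection signal is the sign-in record itself, which carries the protocol used. The following is an added example, not code from any of those reports, that flags successful device-code sign-ins from unexpected places over a handful of constructed sign-in events. Field names follow the Microsoft Graph sign-in resource (`authenticationProtocol`, `ipAddress`, `appDisplayName`); the events, the trusted IP and the expected-app list are assumptions for illustration.

```python
"""Added example (not from the cited reports): flag device-code sign-ins in constructed
Entra ID sign-in records. Events, trusted IPs and expected apps are made up."""
import json

# Constructed sample sign-in events (not real telemetry).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-02-14T09:12:03Z", "userPrincipalName": "alice@example.com",
     "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.10",
     "appDisplayName": "Microsoft Teams", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-14T09:15:44Z", "userPrincipalName": "alice@example.com",
     "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.77",
     "appDisplayName": "Microsoft Authentication Broker", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-14T09:16:10Z", "userPrincipalName": "bob@example.com",
     "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.10",
     "appDisplayName": "Microsoft Azure CLI", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-14T09:20:00Z", "userPrincipalName": "carol@example.com",
     "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.77",
     "appDisplayName": "Microsoft Authentication Broker", "status": {"errorCode": 50126}},
]

# Assumed: corporate egress addresses this organisation trusts (hypothetical).
TRUSTED_IPS = {"203.0.113.10"}
# Assumed: apps that legitimately use the device code flow here (hypothetical).
EXPECTED_DEVICE_CODE_APPS = {"Microsoft Azure CLI"}


def flag_device_code_signins(events, trusted_ips=TRUSTED_IPS, expected_apps=EXPECTED_DEVICE_CODE_APPS):
    """Return successful deviceCode sign-ins from an untrusted IP or an unexpected app.
    Failed attempts are skipped: the attacker only gets a token once the victim
    completes the flow, so the success record is the one that matters."""
    hits = []
    for ev in events:
        if ev.get("authenticationProtocol") != "deviceCode":
            continue
        if ev.get("status", {}).get("errorCode", 0) != 0:
            continue
        reasons = []
        if ev.get("ipAddress") not in trusted_ips:
            reasons.append("untrusted source IP")
        if ev.get("appDisplayName") not in expected_apps:
            reasons.append("unexpected client app")
        if reasons:
            hits.append({"user": ev["userPrincipalName"], "ip": ev.get("ipAddress"),
                         "app": ev.get("appDisplayName"), "when": ev["createdDateTime"],
                         "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in flag_device_code_signins(SAMPLE_SIGNINS):
        print(json.dumps(hit))
```

A hit is a prompt to revoke the user's refresh tokens and review Graph API activity under that session; the preventive control is a Conditional Access policy that blocks the device code flow for everyone who has no business using it.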
CVE-2025-1359 - A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automação e Monitoramento SIAM 2.0. This issue affects some unknown processing of the file /qrcode.jsp. The manipulation of the argument url leads to cross ...
4 days ago Tenable.com
CVE-2025-1354 - A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been classified as problematic. Affected is an unknown function of the file sysinfo.asp. The manipulation of the argument SSID leads to cross site scripting. It is possible to launch the ...
4 days ago Tenable.com
Xerox Printers Vulnerability Let Attackers Capture Auth Data From LDAP & SMB - In one demonstrated attack chain, researchers gained admin access via default credentials (Xerox devices often retain factory defaults), modified LDAP settings to attacker IP, triggered LDAP sync via “Test Connection” feature and used captured ...
3 days ago Cybersecuritynews.com
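The attack chain above works because the printer's "Test Connection" performs an ordinary LDAP simple bind to whatever server address is configured, and a simple bind carries the DN and password in the clear. The following is an added example, not code from the research or from Xerox, that encodes and then parses such a BindRequest (RFC 4511, BER encoded) to show exactly what a rogue listener on port 389 receives. The DN and password are made up; the encoder exists only to construct the sample packet offline.

```python
"""Added example (not from the article or Xerox): decode an LDAP simple BindRequest
captured by a rogue LDAP server. The credentials below are constructed."""


def ber_encode(tag: int, body: bytes) -> bytes:
    """Minimal BER TLV encoder (definite length, short or long form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body


def ber_decode(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def build_simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, bindRequest [APPLICATION 0] { version 3, name, simple [0] } }.
    msg_id is kept below 128 so the INTEGER fits one byte."""
    bind = (ber_encode(0x02, bytes([3]))              # version INTEGER 3
            + ber_encode(0x04, dn.encode())            # name LDAPDN (OCTET STRING)
            + ber_encode(0x80, password.encode()))     # authentication simple [0], context tag
    return ber_encode(0x30, ber_encode(0x02, bytes([msg_id])) + ber_encode(0x60, bind))


def parse_simple_bind(packet: bytes):
    """Extract (message_id, dn, password) from a simple bind, or None when the message is
    something else (a SASL bind, tag 0xA3, carries no plaintext password)."""
    tag, msg, _ = ber_decode(packet)
    if tag != 0x30:
        return None
    id_tag, id_val, p = ber_decode(msg)
    op_tag, op, _ = ber_decode(msg, p)
    if id_tag != 0x02 or op_tag != 0x60:              # 0x60 = [APPLICATION 0] BindRequest
        return None
    _, _version, p = ber_decode(op)
    _, name, p = ber_decode(op, p)
    auth_tag, cred, _ = ber_decode(op, p)
    if auth_tag != 0x80:
        return None
    return int.from_bytes(id_val, "big"), name.decode(), cred.decode()


# Constructed capture: what a device configured with these (made-up) settings would send.
CAPTURED = build_simple_bind(1, "cn=svc-ldap,dc=corp,dc=local", "Printer!2024")

if __name__ == "__main__":
    print(parse_simple_bind(CAPTURED))
```

Nothing in the parser is printer-specific: any appliance that lets an administrator change the LDAP host and then "test" it leaks the bind account the same way. The mitigations follow directly: change the factory admin credentials, require LDAPS or StartTLS with certificate validation so the bind never goes to an unverified server, and give the sync account no rights beyond directory reads.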
Ransomware Gangs Encrypt Systems 17 Hours After Initial Infection - A 2025 threat report by cybersecurity firm Huntress reveals ransomware gangs now take just 17 hours on average to encrypt systems after initial network intrusion, with some groups like Akira and RansomHub operating in as little as 4–6 hours. New ...

3 days ago Cybersecuritynews.com
Microsoft to remove the Location History feature in Windows - “We are deprecating and removing the Location History feature, an API that allowed Cortana to access 24 hours of device history when location was enabled,” reads Microsoft's announcement. The API behind the feature, ...
3 days ago Bleepingcomputer.com
CVE-2024-13834 - The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. ...
5 days ago Tenable.com
CVE-2024-10581 - The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it ...
5 days ago Tenable.com
SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
5 days ago Cybersecuritynews.com
CVE-2024-13488 - The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter ...
5 days ago Tenable.com
IDOR vulnerability in ExHub Let Attacker Modify Web Hosting Configuration - The consequences of this IDOR vulnerability were severe where attackers could manipulate deployment configurations, potentially gaining unauthorized access to sensitive resources. This vulnerability effectively allowed unauthorized users to perform ...
3 days ago Cybersecuritynews.com
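Both IDOR items on this page (the Indian Post Office KYC portal and the ExHub hosting configuration) have the same root cause: the endpoint checks that the caller is logged in but never checks that the caller is allowed to touch the specific object named in the URL. The following is an added example, not code from either report, showing a lookup that is authenticated but not authorised beside the version that ties the object to its owner, plus the attacker-side enumeration that distinguishes the two. The `KycRecord` shape, the record store and the user ids are constructed for illustration.

```python
"""Added example (not from either article): an insecure direct object reference and
the ownership check that fixes it. Records and ids are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class KycRecord:
    record_id: int
    owner_id: int
    mobile: str


# Constructed data store (not real KYC data).
RECORDS = {
    1001: KycRecord(1001, owner_id=7, mobile="+91-98xxxx0001"),
    1002: KycRecord(1002, owner_id=8, mobile="+91-98xxxx0002"),
}


class Forbidden(Exception):
    pass


def get_record_vulnerable(record_id: int, caller_id: int) -> KycRecord:
    """Authenticated but not authorised: caller_id is accepted and then ignored,
    so any logged-in user can walk the id space (the bug, kept on purpose)."""
    return RECORDS[record_id]


def get_record_fixed(record_id: int, caller_id: int, is_admin: bool = False) -> KycRecord:
    """Authorise the object, not just the session. 'Not yours' and 'does not exist'
    return the same error so the id space cannot be mapped from error differences."""
    rec = RECORDS.get(record_id)
    if rec is None or (rec.owner_id != caller_id and not is_admin):
        raise Forbidden("record not available")
    return rec


def enumerate_ids(fetch, caller_id: int, id_range) -> list:
    """Attacker-side check: which ids does this endpoint hand back to caller_id?
    Also a useful regression test for the fix."""
    readable = []
    for rid in id_range:
        try:
            fetch(rid, caller_id)
            readable.append(rid)
        except (KeyError, Forbidden):
            pass
    return readable


if __name__ == "__main__":
    print("vulnerable:", enumerate_ids(get_record_vulnerable, 7, range(1000, 1005)))
    print("fixed:     ", enumerate_ids(get_record_fixed, 7, range(1000, 1005)))
```

The ownership check belongs in the data-access layer rather than in each route handler, so that a new endpoint cannot forget it; `enumerate_ids` run against staging with a low-privilege account is the quickest way to catch one that did.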
Microsoft rolls out BIOS update that fixes ASUS blue screen issues - "Devices with ASUS models X415KA and X515KA running a BIOS version lower than 311 will need to install the latest BIOS update to remove the safeguard and proceed with the Windows 11, version 24H2 upgrade," Microsoft said. However, in a ...
3 days ago Bleepingcomputer.com
Microsoft spots XCSSET macOS malware variant used for crypto theft - A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app. XCSSET then creates a malicious Launchpad application with ...
3 days ago Bleepingcomputer.com
New Research Proposed To Enhance MITRE ATT&CK In Dynamic Cybersecurity Environments - However, analysts (at National University of Singapore and NCS Cyber Special Ops R&D) noted that the proposed research seeks to address current limitations by introducing advanced capabilities such as real-time threat mapping, cross-domain ...
2 days ago Cybersecuritynews.com
CVE-2024-12562 - The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for ...
5 days ago Tenable.com
CVE-2024-13837 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. ...
3 days ago Tenable.com
Chase will soon block Zelle payments to sellers on social media - While Chase didn't share what exactly prompted this decision, the U.S. Consumer Financial Protection Bureau (CFPB) sued Early Warning Services (Zelle's operator) and three of its owner banks (Bank of America, JPMorgan Chase, and Wells Fargo) in ...
3 days ago Bleepingcomputer.com
Juniper patches critical auth bypass in Session Smart routers - "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the American networking ...
2 days ago Bleepingcomputer.com
Beware of Fake BSOD Delivered by Malicious Python Script - According to security consultant Xavier Mertens, the tkinter library, a standard Python module, is typically used to create graphical user interfaces (GUIs). Security teams should consider monitoring for unusual uses of GUI libraries like tkinter as ...
5 days ago Cybersecuritynews.com
CVE-2021-30369 - Rejected reason: Was determined not a vulnerability. ...
3 days ago Tenable.com
Threat Actors Trojanize Popular Versions of Games To Infect Systems Bypassing Evasion Techniques - By exploiting user trust in popular games and employing advanced evasion techniques, threat actors have demonstrated their ability to infiltrate systems undetected while maximizing financial gain through cryptomining. In a sophisticated cyberattack ...
2 days ago Cybersecuritynews.com
China-Linked Threat Group Targets Japanese Orgs' Servers - In targeting organizations in the Asia-Pacific region, Winnti is exploiting vulnerabilities found in applications like IBM Lotus Domino to deploy malware, including DEATHLOTUS, UNAPIMON, PRIVATELOG, CUNNINGPIGEON, WINDJAMMER, and ...
2 days ago Darkreading.com
CVE-2025-26508 - Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. ...
6 days ago Tenable.com
CVE-2025-26506 - Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. ...
6 days ago Tenable.com
CVE-2025-1357 - A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack ...
4 days ago Tenable.com
CVE-2025-1355 - A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted ...
4 days ago Tenable.com
CVE-2025-1392 - A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The ...
3 days ago Tenable.com
CVE-2024-13879 - The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with ...
3 days ago Tenable.com