Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

13/04/2024 0 Comments 0 tags

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

13/04/2024 0 Comments 0 tags

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

12/04/2024 0 Comments 0 tags

“Test files” associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides

Code Keepers: Mastering Non-Human Identity Management

12/04/2024 0 Comments 0 tags

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions

Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack

12/04/2024 0 Comments 0 tags

Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild. Tracked as CVE-2024-3400, the issue has a

Iranian MuddyWater Hackers Adopt New C2 Tool ‘DarkBeatC2’ in Latest Campaign

12/04/2024 0 Comments 0 tags

The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go. “While occasionally

U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

12/04/2024 0 Comments 0 tags

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker

12/04/2024 0 Comments 0 tags

Cybersecurity researchers have discovered a credit card skimmer that’s concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites

Python’s PyPI Reveals Its Secrets

11/04/2024 0 Comments 0 tags

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits.

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

11/04/2024 0 Comments 0 tags

A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. “This is the first time researchers observed TA547 use