A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks. “The infection turns these devices into
Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in
Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were
Active Directory (AD) is among the oldest pieces of software still used in the production environment and can be found in most organizations today. This is despite the fact that
Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that
A hacking group dubbed OilAlpha with suspected ties to Yemen’s Houthi movement has been linked to a cyber espionage campaign targeting development, humanitarian, media, and non-governmental organizations in the Arabian peninsula. “OilAlpha used encrypted
A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to
Software is rarely a one-and-done proposition. In fact, any application available today will likely need to be updated – or patched – to fix bugs, address vulnerabilities, and update key features
The second generation version of Belkin’s Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary