Threat actors are sharing malspam messages with the subject ‘Free Primary Legal Aid’ to disseminate the DarkCrystal RAT or DCRat onto victims’ systems.
The PyPI repository contains malicious Python packages that steal sensitive data before sending it to publicly exposed endpoints. The sensitive data includes AWS credentials as well as environment variables. The stolen data is stored in TXT files and uploaded to a PyGrata[.]com domain. The endpoin ...
The LockBit RaaS launched LockBit 3.0, the first-ever ransomware bug bounty program for security experts to submit bug reports and get rewarded with up to $1 million. Various bug bounty categories include website bugs (such as XSS vulnerabilities and MySQL injections), Locker bugs (bugs in the ran ...
Keona Clipper, a new malware threat, is stealing cryptocurrencies from infected computers by replacing the user wallet address with its own. It leverages Telegram to stay hidden. Researchers identified over 90 different iterations of Keona since May, indicating wide deployment. Users should take utm ...
Raccoon Stealer v2 is written in C/C++ using WinApi. The malware downloads legitimate third-party DLLs from its C2 servers. It is believed that the new version has been available for sale on Telegram since May 17.
An RCE zero-day in unpatched versions of a Linux-based Mitel VoIP application is the new threat to tens of thousands of devices, with most in the U.S. and U.K. The flaw occurs due to insufficient data validation for a diagnostic script, which allows remote and unauthorized attackers to add commands ...
Two APT groups from China carried out cyberespionage to steal sensitive data from Western and Japanese firms but posed as financially-motivated groups by deploying ransomware. APT41 is focused on stealing intellectual property from Japanese firms while APT10 has been targeting global organizations. ...
Researchers found a new malware tool, for sale on cybercrime forums, that helps cybercriminals build malicious Windows shortcut (.LNK) files to infect victims. Quantum Builder supports multiple payloads per LNK file and has capabilities to create HTA and ISO payloads. The tool shares t ...
Scalper bots have gone out of control in Israel by signing up for public service appointments for several government services and then selling them to dissatisfied citizens. The bot's operators attempted to sell appointments for multiple government agencies for over $100. In order to beat mo ...
A new phishing attack could abuse Microsoft Edge WebView2 applications to steal victims’ authentication cookies, which hackers then use to bypass MFA when logging in to accounts. The attack includes a WebView2 executable, for which the researcher created a proof-of-concept that opens a genuine Microsoft login f ...