New ‘LucidRook’ malware used in targeted attacks on NGOs, universities

A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations ...

New VENOM phishing attacks steal senior executives' Microsoft logins

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials ...

Healthcare IT solutions provider ChipSoft hit by ransomware attack

Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline ...

When attackers already have the keys, MFA is just another door to open

Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication ...

Smart Slider updates hijacked to push malicious WordPress, Joomla versions

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version ...

Hackers exploiting Acrobat Reader zero-day flaw since December

Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at ...

Google Chrome adds infostealer protection against session cookie theft

Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block ...

Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot

Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin ...

Microsoft suspends dev accounts for high-profile open source projects

Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper ...

Eurail says December data breach impacts 300,000 individuals

Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the ...

Webinar: From noise to signal - What threat actors are targeting next

Threat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and ...

New macOS stealer campaign uses Script Editor in ClickFix attack

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix ...