admin

TamperedChef Malware Posing as a PDF Editor Harvests Credentials and Cookies

Cybersecurity Alert: Aug 29, 2025

Security researchers have uncovered a cybercrime campaign that uses malicious advertising to steer victims to fraudulent websites, where they are tricked into downloading an information stealer tracked as TamperedChef. According to Truesec researchers Mattias Wåhlén, Nicklas Keijser, and Oscar Lejerbäck Wolf, the goal is to get victims to install a trojanized PDF editor that captures sensitive data, including login credentials and web cookies. The campaign relies on a network of fake sites promoting a free product called AppSuite PDF Editor. Once downloaded and run, the installer asks the user to accept its terms of service and privacy policy while, in the background, it quietly contacts an external server to fetch and install the actual malware.

Critical RCE Vulnerability in ForgeRock Access Manager Under Active Exploitation

July 13, 2021

Cybersecurity agencies in Australia and the United States are warning of a serious vulnerability in ForgeRock's OpenAM access management platform that is being actively exploited to run code remotely on vulnerable systems. The Australian Cyber Security Centre (ACSC) reports that threat actors are using the flaw to compromise multiple hosts and deploy additional malware and tools. Details about the nature and scope of the attacks, and the identity of the actors behind them, have not been disclosed.

Tracked as CVE-2021-35464, the vulnerability is a pre-authentication remote code execution (RCE) flaw caused by unsafe Java deserialization in the Jato framework used by ForgeRock Access Manager. Successful exploitation lets an attacker execute commands in the context of the user account under which OpenAM runs rather than as root, so the practical blast radius depends on how that service account is privileged.

Three LulzSec Hackers Admit Guilt in NHS and Sony Cyber Attacks

April 9, 2013

Three members of the notorious hacktivist group LulzSec have pleaded guilty to their involvement in a series of cyber attacks targeting the NHS, Sony, and News International. Ryan Ackroyd, Jake Davis, and Mustafa Al-Bassam admitted to an unauthorised act to impair the operation of computers, charged under the Criminal Law Act 1977.

In July 2011, the Sun's website was compromised and visitors were briefly redirected to a fake page falsely announcing Rupert Murdoch's death. Davis, from Shetland, and Al-Bassam, a student from Peckham in south London, also admitted conspiring to attack the websites of law enforcement agencies in the UK and US, including the CIA and the Serious Organised Crime Agency (SOCA).

LulzSec emerged as an offshoot of the Anonymous collective, and together the two groups caused significant disruption throughout 2011 and 2012, taking thousands of websites offline and stealing data from prominent companies. The three men are facing…

Google Warns: Salesloft Drift Breach Affects All Integrations, Not Just Salesforce

Aug 29, 2025
Data Breach / Salesforce

Google has warned that the recent wave of attacks on Salesforce instances via Salesloft Drift is broader than first believed, and is advising all Salesloft Drift customers to treat any authentication tokens connected to the Drift platform as potentially compromised. According to the Google Threat Intelligence Group (GTIG) and Mandiant, on August 9, 2025, the attackers used stolen OAuth tokens for the “Drift Email” integration to read email from a small number of Google Workspace accounts. The incident is not a compromise of Google Workspace or Alphabet itself: only accounts that had been explicitly integrated with Salesloft were exposed, and other accounts in a customer's Workspace tenant were not affected.
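
As an added illustration of the advice above (example code written for this page, not tooling from Google, Salesloft or Mandiant), the following Python script triages a tenant's third-party OAuth grants the way an incident responder would after this advisory: it finds every grant issued to a Drift integration, flags the ones that carried mailbox-read scopes, and lists those whose tokens were used inside the incident window, so those accounts are revoked first and their mail access logs reviewed. The record layout, field names, the "app name starts with Drift" rule, the sample entries and the Aug 8 to Aug 18 window are all constructed assumptions for the example and are not Google's audit-log schema or the advisory's own figures; the scope strings are real Google OAuth scope identifiers used as examples.

```python
from datetime import datetime, timezone

# Constructed sample of third-party OAuth grants for one Workspace tenant.
# Field names are this example's own (not Google's audit-log schema); the
# scope strings are real Google OAuth scope identifiers used as examples.
SAMPLE_GRANTS = [
    {"account": "sales-ops@example.com", "app": "Drift Email",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"],
     "last_used": "2025-08-09T14:12:00Z"},
    {"account": "cfo@example.com", "app": "Drift Email",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly",
                "https://www.googleapis.com/auth/userinfo.email"],
     "last_used": "2025-07-30T09:00:00Z"},
    {"account": "marketing@example.com", "app": "Drift",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"],
     "last_used": "2025-08-10T08:30:00Z"},
    {"account": "it-admin@example.com", "app": "Unrelated Calendar Sync",
     "scopes": ["https://www.googleapis.com/auth/calendar"],
     "last_used": "2025-08-09T10:00:00Z"},
]


def _parse_ts(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp; a trailing 'Z' is treated as UTC."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def is_drift_app(app_name: str) -> bool:
    """Assumed naming convention: every Drift-related integration's display
    name starts with 'Drift' (e.g. 'Drift', 'Drift Email')."""
    return app_name.strip().lower().startswith("drift")


def is_mail_scope(scope: str) -> bool:
    """True for scopes that expose mailbox content (Gmail API or IMAP/SMTP)."""
    s = scope.lower()
    return "/auth/gmail" in s or "mail.google.com" in s


def triage(grants, window_start: str, window_end: str) -> dict:
    """Classify Drift-linked grants.

    revoke            - every account holding a Drift token (advisory: treat all as compromised)
    mail_exposed      - Drift tokens that could read mailbox content
    used_in_window    - Drift tokens used inside the incident window
    investigate_first - both mail-capable and used in the window: review mail access logs first
    """
    start, end = _parse_ts(window_start), _parse_ts(window_end)
    revoke, mail_exposed, used_in_window, priority = set(), set(), set(), set()
    for g in grants:
        if not is_drift_app(g["app"]):
            continue  # unrelated integration; out of scope for this advisory
        acct = g["account"]
        revoke.add(acct)
        has_mail = any(is_mail_scope(s) for s in g["scopes"])
        in_window = start <= _parse_ts(g["last_used"]) <= end
        if has_mail:
            mail_exposed.add(acct)
        if in_window:
            used_in_window.add(acct)
        if has_mail and in_window:
            priority.add(acct)
    return {
        "revoke": sorted(revoke),
        "mail_exposed": sorted(mail_exposed),
        "used_in_window": sorted(used_in_window),
        "investigate_first": sorted(priority),
    }


if __name__ == "__main__":
    # Assumed incident window for the demonstration, not a figure from the advisory.
    result = triage(SAMPLE_GRANTS, "2025-08-08T00:00:00Z", "2025-08-18T23:59:59Z")
    for bucket, accounts in result.items():
        print(f"{bucket:18s}: {', '.join(accounts) or '-'}")
```

The script deliberately puts every Drift-linked account in the revoke list regardless of scope or last use, matching the advisory's instruction to treat all Drift tokens as compromised; the scope and timing checks only order the log review, they never shrink the revocation set.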

Critical Windows Update: Microsoft Fixes 117 Security Flaws, Including Nine Zero-Days, Four Under Active Attack

July 14, 2021

Microsoft has released its July Patch Tuesday updates, fixing 117 security vulnerabilities, nine of which are zero-days; four of those are already being exploited in the wild and could let attackers take control of affected systems. Of the 117 flaws, 13 are rated Critical, 103 Important, and one Moderate, and six were publicly known before the release.

The updates span Windows, Bing, Dynamics, Exchange Server, Office, the Scripting Engine, Windows DNS, and Visual Studio Code. The count is well above the totals for May (55) and June (50).

Among the most critical actively exploited vulnerabilities are:

  • CVE-2021-34527 (CVSS Score: 8.8) – Windows Print Spooler Remote Code Execution…

Over 50 Million LivingSocial Customers Impacted by Cyber Attack

April 27, 2013

LivingSocial, the daily-deals platform partly owned by Amazon, has suffered a cyber attack that may have exposed the data of more than 50 million of its roughly 70 million members worldwide. The exposed information includes names, email addresses, dates of birth, and encrypted passwords; credit card and other financial data were not affected, according to the company. Customers in North America, Australia, New Zealand, the UK, Ireland, and Malaysia are affected, as are users of LetsBonus in Southern Europe and Latin America. LivingSocial is emailing affected customers to prompt a password reset, and users are advised to be wary of phishing attempts that reuse the stolen details.

Feds Shut Down $6.4M VerifTools Fake ID Marketplace, Operators Quickly Relaunch on New Domain

Authorities in the Netherlands and the United States have dismantled VerifTools, an online marketplace that sold counterfeit identity documents to cybercriminals worldwide. The operation seized two of the platform's domains and an associated blog, which now redirect visitors to a notice about the FBI's enforcement action taken under a U.S. District Court warrant. Just days later, however, the operators announced a relaunch at “veriftools.com.” Because that domain was registered back in 2018, it is unclear whether the same people are behind the relaunched site.

Suspected Hacker Arrested in Connection with Historic DDoS Attack on Spamhaus

April 27, 2013

Dutch authorities have announced the arrest of a 35-year-old man suspected of involvement in the massive DDoS attack on the anti-spam organization Spamhaus in March. The attack, which peaked at over 300 Gbps, was the largest DDoS attack on record at the time. Spamhaus, whose blocklists are used by Internet Service Providers to identify spam sources, saw its website overwhelmed by the flood of traffic.

Following the attack, Spamhaus turned to CloudFlare for protection against further assaults. The suspect was arrested in Barcelona under a European arrest warrant and is to be transferred to the Netherlands. He is believed to be Sven Kamphuis, the owner of the Dutch hosting company Cyberbunker, which has been linked to the attack; the attack is thought to have been retaliation for Spamhaus blocklisting Cyberbunker.