Cybersecurity researchers are raising urgent concerns over a troubling campaign exploiting internet-exposed Selenium Grid services for unauthorized cryptocurrency mining. This activity, tracked by cloud security firm Wiz under the name SeleniumGreed, targets outdated versions of Selenium, specifically those released before 3.141.59, and has reportedly been active since at least April…
On April 24, 2024, cloud storage provider Dropbox reported a data breach affecting its digital signature product, Dropbox Sign, formerly known as HelloSign. Unidentified threat actors gained unauthorized access to sensitive user information, including emails, usernames, and general account settings for all Dropbox Sign users. The incident was disclosed in…
In recent weeks, a significant wave of social engineering attacks has emerged, targeting users of Gmail worldwide. Reports indicate that many individuals have received fraudulent phone calls from impersonators claiming to represent Google Support. These calls, which utilize advanced AI technology, are designed to deceive users into revealing their account…
Internet Archive Suffers Major Cybersecurity Incident The Internet Archive, the nonprofit entity renowned for its role in preserving a vast array of digital knowledge, has been struck by a significant cyberattack that has taken both its Archive.org and OpenLibrary.org services offline. This breach not only threatens the integrity of one…
Critical Security Flaw in Acronis Cyber Infrastructure Exploited Cybersecurity firm Acronis has issued a warning regarding a serious security vulnerability in its Cyber Infrastructure (ACI) product, which has reportedly been exploited in active attacks. The vulnerability, designated as CVE-2023-45249, carries a remarkably high CVSS score of 9.8 and is associated…
Czechia and Germany have disclosed that they fell victim to an extensive cyber espionage campaign orchestrated by the Russian-affiliated state-sponsored group known as APT28, which has drawn sharp rebukes from several Western entities, including the European Union (E.U.), NATO, the United Kingdom, and the United States. According to a statement…
Three prominent American banks have recently reported serious data breaches, compromising sensitive personal and account information for hundreds of customers. Citizens Bank, Truist Bank, and First National Bank have confirmed that they have fallen victim to these security incidents and have communicated the details to affected clients and appropriate regulatory…
A recently identified vulnerability in VMware ESXi hypervisors has been under active exploitation by several ransomware groups, raising significant concerns among cybersecurity experts. The flaw, detailed under CVE-2024-37085 and assigned a CVSS score of 6.8, enables attackers to bypass Active Directory integration authentication, thus granting them illicit administrative access to…
Polish Government Institutions Targeted in Sophisticated Malware Attack Linked to Russian Group APT28 In a significant cybersecurity incident, Polish government institutions have fallen victim to a large-scale malware campaign orchestrated by APT28, a nation-state actor associated with Russia. This sophisticated attack involves a multi-faceted approach, utilizing deceptive email tactics designed…
