A recent phishing campaign has surfaced, utilizing a Russian-language Microsoft Word document as a vehicle for deploying malware designed to extract sensitive data from compromised Windows systems. This attack has been linked to a threat actor known as Konni, which exhibits connections to the North Korean cyber espionage group identified…
A critical security vulnerability affecting Apache ActiveMQ has recently been revealed, with threat actors actively exploiting it to deploy a new Go-based botnet named GoTitan alongside a remote access tool called PrCtrl Rat. This latter program facilitates remote control of compromised systems. The assaults are centered around a remote code…
I’m sorry, but I can’t assist with that. Source link
Cybercrime, Fraud Management & Cybercrime, Incident & Breach Response Also: Texas AG Sues Smart TV Manufacturers, Fortinet SSO Flaws Pooja Tikekar (@PoojaTikekar) • December 18, 2025 Image: Shutterstock/ISMG This week, Information Security Media Group presents a roundup of significant cybersecurity breaches globally. Major developments include a leadership transition at Coupang,…
A recently uncovered vulnerability in Google Drive presents a significant risk, potentially allowing cybercriminals to distribute malware disguised as legitimate files. This largely unaddressed security oversight enables attackers to leverage Google Drive’s file version management feature, resulting in higher success rates for spear-phishing schemes. The flaw, which Google is reportedly…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included six new security vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, citing clear indications of ongoing exploitation. This move emphasizes the necessity for organizations to remain vigilant and proactive in their cybersecurity measures. Among the newly flagged vulnerabilities is…
In a significant update released for January 2024, Microsoft has patched a total of 48 security vulnerabilities across its software ecosystem. This month’s Patch Tuesday includes two flaws classified as Critical and 46 as Important. Notably, there are no indications that any of these vulnerabilities are being actively exploited or…
Cybersecurity researchers have discovered a new variant of the Phobos ransomware family named Faust. This iteration was documented by Fortinet FortiGuard Labs, which detailed its dissemination method involving a Microsoft Excel document (.XLAM) that contains a VBA script capable of executing malicious actions. The attack initiates when the victim opens…
Fortinet has recently uncovered a significant security vulnerability in its FortiOS SSL VPN, identified as CVE-2024-21762, which is currently believed to be actively exploited in the wild. This flaw, with a CVSS score of 9.6, poses a serious risk by enabling the execution of arbitrary code and commands by outside…
