Infosec News

North Korean IT worker cluster CL-STA-0237 instigated phishing attacks via video apps in Laos, exploiting U.S. IT firms and major tech identities. North Korean IT worker cluster CL-STA-0237 instigated phishing attacks via video apps in Laos, exploiting U.S. IT firms and major tech identities.

Larry Harmon ran the mixer from 2014 to 2017, facilitating more than $300 million worth of cryptocurrency transactions.

Kaspersky's GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025.

Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle.

Previously, Trustwave SpiderLabs covered a massive fake order spam scheme that impersonated a tech support company and propagated via Google Groups.

Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity.

84% of surveyed organizations want to feel more confident about managing and discovering data input into AI apps and tools.

We demonstrate a novel way how adversaries can move laterally and elevate privileges within Microsoft Entra ID.

Kaspersky GERT experts have discovered in Colombia new Ymir ransomware, which uses RustyStealer for initial access and the qTox client for communication with its victims.

Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

Elastic is releasing a threat hunting package designed to aid defenders with proactive detection queries to identify actor-agnostic intrusions.

The filings, part of a lawsuit WhatsApp filed against the NSO Group in 2019, shine a light on how Israel-based NSO Group — a notoriously secretive company — operates the powerful Pegasus spyware on behalf of government customers.

Kaspersky shares details on QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns.

We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware like RingQ loader. We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware l...

Delhi police arrested a man suspected of helping to initiate an intrusion into WazirX, one of the country's largest cryptocurrency exchanges.

Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

Learn how Mandiant Red Team is using Gemini and LLMs for adversarial emulation and defense.

The Navy implementation scored a 100 percent success rate, meeting DoD requirements on all 91 Target-Level activities tested.​ Learn more.

The updated GHOSTPULSE malware has evolved to embed malicious data directly within pixel structures, making it harder to detect and requiring new analysis and detection techniques.

In a statement late on Wednesday, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) said an investigation that began in late October has revealed a “broad and significant cyber espionage campaign.”

The 2024 Trustwave Risk Radar Report: Retail Sector reveals that cybercriminals have sharpened their tactics, utilizing ransomware and phishing attacks.