In brief: a critical cPanel vulnerability exploited in the wild, researchers discover a cyber sabotage tool that predates Stuxnet, and more.
Researchers found that the attackers planted a malicious preinstall script into the packages.
Peter Stokes, aka Bouquet, faces a six-count criminal complaint including charges of wire fraud, conspiracy, and computer intrusion.
Researchers discovered more than 100 malicious domains used to carry out the operations.
Unlike clearly malicious extensions that hide their behavior, these tools openly disclose what they do in their privacy policies.
The compromise itself took less than five minutes from the victimu2019s first click to full system access.
Prosecutors allege that in early 2020, Xu and his associates targeted US-based universities and experts engaged in COVID-19 research.
