Credentials of roughly 100K npm users impacted in GitHub OAuth breach
GitHub said it is confident that the attackers did not alter any published packages in the registry, or publish any new versions to existing packages.
Cybersecurity News - Page 254
Russia-linked Turla APT caught spying on entities in Austria, Estonia
The group targeted the Austrian Economic Chamber, the Baltic Defense College, and a NATO platform for cyber-espionage purposes.
Interpol arrests suspected leader of Nigerian cybercrime gang involved in BEC attacks
The suspect registered 240 domains, 50 of which were used as command-and-control domains for the ISRStealer, Pony, and LokiBot malware.
US automaker General Motors hit with credential stuffing attack
Social Security numbers and driver’s license details weren’t compromised, the company said.
Popular Python and PHP libraries altered to steal AWS keys
In both cases the attacker appears to have taken over packages that have not been updated in a while.
Conti ransomware group shuts down operation, but doesn’t go out of business
The security researchers have warned that the gang hasn’t gone anywhere, but simply split into smaller, more novel brands.
Hackers target infosec community with fake PoC exploits delivering Cobalt Strike
A threat actor published malware disguised as two PoC exploits for CVE-2022-24500 and CVE-2022-26809 on GitHub.
China-linked Twisted Panda APT spied on Russian defence research orgs
Twisted Panda has been targeting a holding company within the Russian state-owned Rostec Corporation with spear-phishing attacks since at least June 2021.
Predator spyware targeted Android users with zero-day exploits
The campaigns leveraged five zero-day flaws in Chrome and Android OS to plant the Predator spyware.
Pro-Russian hackers spread disinformation to demoralize Ukraine, divide from allies
Some of the falsehoods targeted Russian domestic audiences, underscoring Russia’s need to sell the war to its own people.
Showing elements 2531 - 2540