Threat actors abuse AI security tool HexStrike AI to exploit vulnerabilities
Discussions on the dark net reveal that threat actors claim to have used HexStrike AI to successfully exploit three recently disclosed Citrix bugs.
The breach stems from compromised OAuth credentials used in the Drift-Salesforce integration.
TamperedChef is designed to steal sensitive data such as credentials and browser cookies.
A network of fake call centers employed individuals who, posing as representatives of financial institutions, tricked victims into transferring funds to “safe” accounts.
ThreatFabric says this shift is partly a response to Google's new security pilot programs.
The group used a dual-driver strategy in the campaign, deploying a known vulnerable Zemana driver for Windows 7, and the WatchDog driver for newer Windows 10 and 11 systems.
The attackers used tampered update mechanisms, phishing websites, and cloud-based infrastructure to deploy malware and steal sensitive data.
The attackers used Velociraptor, typically employed in digital forensics and incident response, to gain control of compromised systems.
The campaign aims to trick users into authorizing attacker-controlled devices via Microsoft’s device code authentication process.
The flaw, tracked as CVE-2025-55177, affects certain versions of WhatsApp for iOS and macOS.