June 26, 2024 at 03:11PM The domain polyfill[.]io, used by over 100,000 websites for JavaScript code, has been compromised, serving malicious code like dynamic payloads and leading users to porn and betting sites. The sale of the domain to a Chinese organization has raised security concerns. Website owners are urged to remove references to the … Read more
June 25, 2024 at 10:18AM The FBI warns of cybercriminals masquerading as law firms and lawyers offering cryptocurrency recovery services to scam victims. They deceitfully claim collaboration with government agencies and real financial institutions to gain trust. Scammers ask for personal information, upfront fees, and taxes, resulting in victims losing over $9 million to secondary … Read more
April 25, 2024 at 10:15AM Netcraft warns of threat actors using compromised email accounts to send phishing emails with links to malicious PDF files on Autodesk Drive. Attackers tailor their emails with legitimate senders’ information to appear credible. Recipients are directed to phishing pages and prompted to provide Microsoft account credentials. The attacks are highly … Read more
April 12, 2024 at 03:02PM The FBI issued a warning about a large-scale SMS phishing attack targeting Americans, with scammers posing as road toll collection services. The attacks, ongoing since March 2024, have received over 2,000 complaints. The phishing messages claim recipients owe unpaid tolls and include fake links. Several toll services and law enforcement … Read more
April 8, 2024 at 09:54AM Healthcare and public health (HPH) organizations are being targeted by threat actors aiming to infiltrate corporate networks and divert payments. The US Department of Health warns of a recent attack in which an IT help desk employee was impersonated over the phone to gain network access and initiate unauthorized payment … Read more
March 20, 2024 at 06:21AM The US government and international partners issued another warning about China’s Volt Typhoon cyber gang targeting critical infrastructure, advising protection measures. They emphasized guidance for non-technical senior leaders, urged cybersecurity best practices, and highlighted the importance of incident response plans and securing the supply chain. The advisory reiterated the gang’s … Read more
December 20, 2023 at 10:10AM The Israel National Cyber Directorate issued an urgent warning about a targeted email campaign impersonating F5 Networks, delivering dangerous wiper malware. The attacker capitalized on a critical F5 BIG-IP vulnerability, sending emails from “[email protected]” with an attached file named “update.zip.” The malware can delete F5 servers but cannot spread laterally. … Read more