December 15, 2023 at 07:21PM Ledger, a cryptocurrency wallet maker, was targeted by a malicious code inserted into its Connect Kit JavaScript library. The code rerouted funds to a hacker’s wallet, resulting in a loss of over $610,000. Despite security measures, a former employee’s compromised credentials were exploited. Ledger asserts the issue has been addressed, … Read more
December 4, 2023 at 04:47PM A US aerospace company was the target of a yearlong cyberespionage campaign by a group named “AeroBlade.” Using phishing emails with Word documents, the attackers injected malicious templates to deploy a reverse shell, collecting data and ensuring persistence. Advanced stealth tactics allowed them to evade detection, suggesting a commercial espionage … Read more
December 4, 2023 at 02:24PM Hershey disclosed a phishing attack that compromised the personal and financial information of 2,214 people. The breach occurred in September, allowing unauthorized access to varied sensitive data. Hershey has since increased security measures and is offering two years of free credit monitoring to those affected, without additional compensation. High-profile cyberattacks … Read more
November 23, 2023 at 10:06AM A new phishing attack carried out by a cyber espionage group called Konni has been observed. The attackers are using a Russian-language Microsoft Word document to deliver malware that can collect sensitive information from compromised Windows hosts. The group is known for targeting Russia and uses spear-phishing emails and malicious … Read more
November 17, 2023 at 06:36PM The official Twitter account for Bloomberg Crypto directed users to a deceptive website in a phishing attack. The link led to a Telegram channel with 14,000 members, urging visitors to join a fake Bloomberg Discord server. Scammers took advantage of Bloomberg’s previous Telegram link, which remained active, and used it … Read more
November 17, 2023 at 06:07PM The official Twitter account for Bloomberg Crypto was hacked, leading users to a deceptive website used in a phishing scam. The compromised profile contained a link to a fake Telegram channel, which redirected users to a fake Bloomberg Discord server. The server prompted visitors to use a phishing website to … Read more
November 16, 2023 at 11:45AM Google’s Threat Analysis Group (TAG) has disclosed that a zero-day exploit in Zimbra Collaboration Suite was used to steal email data from government organizations worldwide. The vulnerability (CVE-2023-37580) was made public in July, and it allows attackers to execute malicious code through specially crafted URLs sent via email. Google observed … Read more
October 18, 2023 at 05:22PM Taiwan-based network equipment vendor D-Link confirms data breach but denies hacker’s claims of severity. Investigation reveals that the stolen data is outdated and doesn’t contain personally identifiable or financial information. D-Link believes the breach occurred through a successful phishing attack on an employee and assures customers that they are unlikely … Read more
October 18, 2023 at 10:53AM D-Link has confirmed being targeted by cyber criminals but downplayed the impact. Only around 700 stolen records were determined, contradicting the claim of 3 million in a hacking forum post. The data came from an old D-View 6 system in a test lab environment and included low-sensitive information. D-Link is … Read more
October 18, 2023 at 09:30AM D-Link has completed its investigation into a hacker’s claims of a data breach and determined that the claims were exaggerated. The company confirmed a breach but stated that only 700 records, not 3 million, were compromised. The stolen data is believed to be from an old D-View 6 system, and … Read more