Zach Rice, creator of Gitleaks, releases Betterleaks with BPE tokenization achieving 98.6% recall vs entropy's 70.4%. Drop-in replacement now available.
Camaro Dragon weaponized missile strike lure documents to deploy PlugX backdoor against Qatari targets, exploiting Operation Epic Fury tensions for access.
North Korean APT37's Ruby Jumper campaign uses RESTLEAF, THUMBSBD, and FOOTWINE malware to exfiltrate data from isolated systems via USB drives.
Contagious Interview campaign weaponizes fake job interviews to deploy OtterCookie and FlexibleFerret malware. Targets crypto and AI developers for credentials.
Storm-1811 actors flood inboxes with spam, then call via Microsoft Teams posing as IT support. Quick Assist grants access for A0Backdoor deployment.
GlassWorm supply chain attack spreads via 72 Open VSX extensions using invisible Unicode obfuscation. Targets crypto wallets, API tokens, and CI/CD pipelines.
Attackers compromised AppsFlyer's domain registrar to inject crypto-stealing JavaScript into their Web SDK. The malware swaps wallet addresses for Bitcoin, Ethereum, Solana, and more.
Attackers compromised 889 Starbucks Partner Central accounts using fake login portals, exposing employee names, Social Security numbers, and bank details.
Microsoft exposes Storm-2561 campaign using SEO manipulation to distribute fake Cisco, Fortinet, and Ivanti VPN clients that steal enterprise credentials.
Global law enforcement operation spanning 72 countries arrests 94 cybercriminals and dismantles 45,000 malicious IPs tied to phishing, ransomware, and fraud networks.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.