Security Intelligence

Emerging Mamba 2FA phishing kit biting M365 user accounts

New phishing-as-a-service (PhaaS) platform, Mamba 2FA, surfaces threatening Microsoft 365 user accounts.

Security Intelligence

High-severity zero-day vulnerability in Qualcomm chips actively exploited

Qualcomm releases update to address an actively exploited zero-day vulnerability impacting dozens of its chipsets used...

Security Intelligence

Apple fixes flaw that dictates passwords out loud

Apple has addressed two flaws, including one that allows iPad and iPhone users’ passwords to be read out loud by the...

Security Intelligence

These aren’t your grandmother’s ‘warm cookies’

SocGolish observed targeting users in France with fake browser updates that install WarmCookie backdoor.

Security Intelligence

Golden Chickens lays ‘More_eggs’ malware

Golden Chickens observed leveraging job-themed lures to compromise human resources employees with ‘More_eggs’ backdoor.

Security Intelligence

Operation Cronos continues game of whack-a-mole with LockBit

The Operation Cronos Task Force arrests four suspects linked to the prolific ransomware gang LockBit.

Security Intelligence

NK-based APT compromises German missile manufacturer via phishing scam

North Korean state-sponsored cyber actors Kimsuky blamed for compromise of German missile and ammunition manufacturer...

Security Intelligence

Critical NVIDIA vulnerability could allow full host takeover

NVIDIA addresses a critical vulnerability in Container Toolkit, a library used for accessing NVIDIA GPU hardware on 35%...

Security Intelligence

Kia avoids potential hack of millions of vehicles

Kia updates its dealer web portal to address vulnerability that could allow silent unauthorized access to millions of...

Security Intelligence

CISA warns threat actors targeting water, other industrial systems

CISA warns threat actors actively attempting to breach systems associated with water and other critical infrastructure...

Security Intelligence

Critical vulnerability in Ivanti vTM now exploited

CISA adds critical vulnerability in Ivanti’s vTM to its Known Exploited Vulnerabilities catalog.

Security Intelligence

U.S. proposes ban on Chinese/Russian connected vehicles

White House proposes a ban on the import and sale of connected vehicles built by companies with a Chinese or Russian...