Security Intelligence

A tale of two CVEs: Dispute over CrushFTP’s recent vulnerability

Confusion ensues after two different CVEs are assigned to the same actively exploited CrushFTP vulnerability.

Security Intelligence

FIN7 delivers Anubis backdoor via compromised SharePoint sites

FIN7 observed deploying its Anubis backdoor to gain unauthorized access to Windows systems.

Security Intelligence

Hidden ‘doggy door’ found in Chinese-made robot dogs

Researchers uncover hidden ‘doggy door’ in China-based Unitree Robotics' Go1 robot dogs.

Security Intelligence

Thunderstruck! Malicious ads for RVTools lead to ThunderShell payload

Field Effect security intelligence tracks malvertising campaign that tricks users into downloading ThunderShell-laced...

Security Intelligence

North Korea’s IT worker scheme expands into Europe

North Korean IT worker scheme expands into Europe and other countries.

Security Intelligence

XinXin group offers new ‘dreamy’ PhaaS platform

Cybersecurity researchers reveal highly sophisticated PhaaS platform, dubbed ‘Lucid’, that has targeted 169...

Security Intelligence

New Crocodilus malware snaps up crypto wallets

Newly discovered Android malware, dubbed Crocodilus, targets cryptocurrency users by stealing their wallet seed phrases

Security Intelligence

Hakuna magotchya! Look out for new Morphing Meerkat PhaaS platform

Researchers identify new phishing-as-a-service (PhaaS) platform, called Morphing Meerkat, that employs DNS over HTTPS...

Security Intelligence

Critical sandbox escape flaws in Firefox and Chrome patched

Mozilla and Google release updates to fix a critical sandbox escape flaws in Firefox and Chrome browsers.

Security Intelligence

FamousSparrow hatches two new backdoor variants in latest campaign

China-linked threat actor FamousSparrow targets U.S. trade association, Mexican research institute with enhanced...

Security Intelligence

140 online platforms targeted by new Atlantis credential stuffer

New cybercrime platform called 'Atlantis AIO' that offers automated credential stuffing services targeting 140 online...

Security Intelligence

'Immersive World' AI chatbot jailbreak technique no fantasy

New 'Immersive World' AI jailbreak technique exploits LLM storytelling capabilities to bypass their safety restrictions.