Microsoft 365 users should be aware of a new threat actor offering their services as a phishing-as-a-service platform to conduct Adversary-in-the-Middle (AiTM) attacks for a monthly fee. Called Mamba2FA, not to be confused with Mamba ransomware, the malware targets Microsoft 365 users with well-craf
Law enforcement agencies from 12 countries have collaborated to arrest four individuals associated with the LockBit ransomware gang. Along with the arrests' law enforcement officials seized servers critical to the ransomware gang's operations. Regarding the arrests, a suspected developer of LockBit
In HP Wolf Security's Threat Insights Report September 2024, security researchers detailed a targeted attack in which the threat actors used Generative Artificial Intelligence (AI) to write malware code. This trend has grown since AI tools like ChatGPT were released to the public. In June 2024
According to a recently published report by Recorded Future's Insikt Group, security researchers uncovered a massive info stealer malware operation encompassing approximately 30 campaigns. The targets include a broad spectrum of demographics, including prominent gamers and online streamers. The cam
In a highly sophisticated remote attack, pagers used by Hezbollah members in both Lebanon and Syria exploded. The detonations happened almost simultaneously, killing at least nine people, including an 8-year-old girl, and wounding thousands more. Associated Press reports that Israel conducted
A recently discovered and patched Windows vulnerability, CVE-2024-43461, has been seen used in the wild by the advanced persistent threat (APT) group Void Banshee. Microsoft describes the vulnerability as a "Windows MSHTML spoofing vulnerability" and first disclosed it to the public following Septem
In what is most likely the first criminal case involving artificially increasing music streams, one musician has been charged with fraudulently inflating music streams. Michael Smith was charged with developing a scheme to create hundreds of thousands of songs with artificial intelligence and using
MacroPack, a framework developed by security researchers for red team exercises, has been abused by various threat actors to deliver several malware payloads to victims. Cisco Talos discovered that threat actors were using MacroPack to deploy malicious payloads that included Havoc, Brute Ratel, and
In a recent filing to the U.S. Securities and Exchange Commission (SEC), oil and gas services giant Halliburton revealed they had suffered a cyberattack that disrupted the company's IT systems and business operations. According to the filing, the company reported the attack on August 21, 2024.
In recently published research, researchers at security firm ESET discovered a zero-day vulnerability impacting WPS Office for Windows. WPS Office, developed by Chinese firm Kingsoft, is incredibly popular in Asia. Reportedly, it has over 500 million active users worldwide. ESET researchers discove