Security
Headlines

Source

DARKReading

Fake Kling AI Malvertisements Lure Victims With False Promises

Researchers noted that they found several similar websites, two of which are still operating and require the same kind of behavior on the part of the victim.

Virgin Media O2 Vuln Exposes Call Recipient Location

A hacker exploiting the security flaw in the mobile provider's network could have potentially located a call recipient with accuracy of up to 100 square meters.

Tenable Adds Third-Party Connectors to Exposure Management Platform

Tenable One now pulls in data from AWS, Microsoft, and competitors to provide a holistic security view of an organization's attack surface.

Regeneron Pledges Privacy Protection in $256M Bid for 23andMe

Regeneron's planned acquisition of 23andMe raises significant privacy concerns as experts warn about the lack of comprehensive federal regulations governing the transfer of genetic information.

Bumblebee Malware Takes Flight via Trojanized VMware Utility

An employee inadvertently downloaded a malicious version of the legitimate RVTools utility, which launched an investigation into an attempted supply chain attack aimed at delivering the recently revived initial-access loader.

Large Retailers Land in Scattered Spider's Ransomware Web

The threat group games IT help desks to gain entry into retailer networks, and signs show it has shifted its attention from the UK to US targets.

'Hazy Hawk' Cybercrime Gang Swoops In for Cloud Resources

Since December 2023, the threat group has preyed on domains belonging to the US Centers for Disease Control and Prevention (CDC) and numerous other reputable organizations worldwide to redirect users to malicious sites.

Why Rigid Security Programs Keep Failing

Organizations that stay ahead of attacks won't be the most compliant ones — they'll be the ones most honest about what actually works.

Novel Phishing Attack Combines AES With Poisoned npm Packages

Researchers discovered a phishing attack in the wild that combines multiple well-trodden technologies, such as open source packages and AES encryption.

'Operation RoundPress' Targets Ukraine in XSS Webmail Attacks

A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities.