hackers
Hackers exploit critical unpatched flaw in Zyxel CPE devices
Hackers are exploiting a critical command injection vulnerability in Zyxel CPE Series devices that is currently tracked as CVE-2024-40891 and remains unpatched since last July. The vulnerability allows unauthenticated attackers to execute arbitrary commands using the ‘supervisor’ or ‘zyuser’ service accounts. Vulnerability intelligence company VulnCheck added the security issue to its database last year on July 12 and […]
Hacker infects 18,000 “script kiddies” with fake malware builder
A threat actor targeted low-skilled hackers, known as “script kiddies,” with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. Security researchers at CloudSEK report that the malware infected 18,459 devices globally, most located in Russia, the United States, India, Ukraine, and Turkey. “A trojanized version […]
US sanctions Chinese firm, hacker behind telecom and Treasury hacks
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. “Yin Kecheng has been a cyber actor for over a decade and is affiliated with the People’s Republic […]
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. The campaign was recently discovered by incident response firm SpearTip, who said the attacks began on January 6, 2025, targeting the Azure Active Directory Graph API. The researchers warn that the brute-force attacks have to successful account […]
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. System Integrity Protection (SIP), or ‘rootless,’ is a macOS security feature that prevents malicious software from altering specific folders and files by limiting the root user account’s powers in protected […]
Russian ISP confirms Ukrainian hackers “destroyed” its network
Ukrainian hacktivists, part of the Ukrainian Cyber Alliance group, announced on Tuesday they had breached Russian internet service provider Nodex’s network and wiped hacked systems after stealing sensitive documents. “The Russian internet provider Nodex in St. Petersburg was completely looted and wiped. Data exfiltrated, while the empty equipment without backups was left to them,” the […]
Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens
Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. KerioControl is a network security solution designed for small and medium-sized businesses that combines firewall, VPN, bandwidth management, reporting and monitoring, traffic filtering, AV protection, and intrusion prevention. On December 16, 2024, […]
390,000 WordPress accounts stolen from hackers in supply chain attack
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. Researchers at Datadog Security Labs, who spotted the attacks, say that SSH private keys and AWS access keys were also stolen from the compromised systems of hundreds of […]
Russian hackers hijack Pakistani hackers’ servers for their own attacks
The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156’s infrastructure to launch their own covert attacks on already compromised networks. Using this tactic, Turla (aka “Secret Blizzard”) accessed networks Storm-0156 had previously breached, like in Afghan and Indian government organizations, and deployed their malware tools. According to a report […]
US charges five linked to Scattered Spider cybercrime gang
The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. Between September 2021 and April 2023, they were able to steal millions from cryptocurrency wallets using victims’ credentials stolen in SMS phishing attacks targeting dozens of targets, including both individuals […]