Hacktivists are conducting DDoS attacks on European political parties that represent and promote strategies opposing their interests, according to a report by Cloudflare.
Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos.
We observed an attack campaign abusing exposed Docker remote API servers to deploy cryptocurrency miners. This attack campaign bears the name Commando Cat due to its initial step, which involves the deployment of benign containers generated using the publicly-available Commando project (an open-source GitHub project that creates Docker images on-demand for developers).
JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens.
A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.
ValleyRAT is a remote access trojan (RAT) that was initially documented in early 2023. Its main objective is to infiltrate and compromise systems, providing remote attackers with unauthorized access and control over infected machines.
Since 2022, we have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor. Most vendors identify this backdoor as a variant of existing malware such as Gh0st RAT or Rekoobe. However, we unearthed the truth: this backdoor is not merely a variant of existing malware, but is a new type altogether.
A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud.