"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency. Read More
Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google.
"The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages," Jérôme Segura, senior director of
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware.
"The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat
Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution.
Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit."
The list of identified flaws is as follows -
Zoom, the popular video conferencing platform, has addressed several vulnerabilities across its suite of applications, ranging from privilege escalation to denial-of-service risks. These vulnerabilities, identified with distinct CVE IDs, highlight…
Google has officially released Chrome 132 to the stable channel, bringing critical security updates and feature enhancements to users on Windows, macOS, and Linux. The update, version 132.0.6834.83/84, will be…
Microsoft has disclosed a significant security vulnerability in its Windows Line Printer Daemon (LPD) service, tracked as CVE-2025-21224. This flaw could allow attackers to execute remote code on affected systems,…
In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms. Read More
Microsoft has disclosed a significant vulnerability in its Windows Remote Desktop Gateway (RD Gateway) that could allow attackers to exploit a race condition, resulting in a denial-of-service (DoS) attack. The…
A critical security vulnerability affecting Fortinet’s FortiOS and FortiProxy systems has been actively exploited in the wild, allowing attackers to gain super-admin privileges. The flaw, tracked as CVE-2024-55591, is an…
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday…
Several significant security vulnerabilities have been identified and patched in PowerDNS, a widely used open-source nameserver known for its high performance, flexibility, and scalability. It serves as an alternative to traditional…
An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN…
Fortinet has released a security update with the fixes for 15 vulnerabilities that affect multiple products with distinct security issues, ranging from critical to high severity. Among the most severe…