A newly identified vulnerability, labeled “DoubleClickjacking” by security researcher Paulos Yibelo, exploits a timing-based double-click process to bypass clickjacking protections on prominent websites. DoubleClickjacking builds on traditional clickjacking, where users are tricked into clicking
Cybersecurity researchers have revealed that large language models (LLMs) can generate thousands of new variants of existing malware, which in turn helps the malware avoid detection. By obfuscating malicious JavaScript code, this AI-driven technique challenges traditional malware detection
Cybercriminals are exploiting Google Calendar and other Google services like Gmail, Forms, and Drawings in a large-scale phishing campaign, researchers from Check Point have reported. The campaign manipulates the trusted Google tools to bypass email security measures, allowing attackers to steal
Hackers are targeting Web3 professionals with malware disguised as video conferencing apps, in an effort to steal cryptocurrency and sensitive data. The campaign, active since September 2024, primarily affects users on Windows and macOS. The attack revolves around a fraudulent meeting platform
Hackers are exploiting a critical vulnerability in Cleo’s file transfer software, impacting enterprises globally. The flaw, tracked as CVE-2024-50623, affects Cleo’s Harmony, VLTrader, and LexiCom products, widely used for managing secure data transfers. Cybersecurity firm Huntress revealed that
Independent cybersecurity experts Noam Rotem and Ran Locar have uncovered and reported to vpnMentor a cyber operation that exploited vulnerabilities in public sites, leading to unauthorized access to sensitive customer data, infrastructure credentials, and proprietary source code. This report
A South Korean CEO and five employees were arrested for manufacturing and exporting satellite receivers equipped with Distributed Denial of Service (DDoS) functionalities. This action violated the country’s Act on Promotion of Information and Communications Network Utilization and Information
A new phishing-as-a-service (PhaaS) platform, known as Rockstar 2FA, is enabling adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials and bypass multifactor authentication (MFA). Specifically, AiTM phishing is a technique that uses specialized tools to allow a threat actor to
A major cyberattack has disrupted operations at the Wirral University Teaching Hospital (part of the NHS Foundation Trust), forcing the postponement of surgeries, outpatient appointments, and other procedures. The WUTH is a healthcare organization which operates Arrowe Park, Clatterbridge, and
A North Korea-linked hacking group, Sapphire Sleet, has stolen more than $10 million in cryptocurrency over six months through LinkedIn scams and AI-driven malware. The group, active since 2020, exploits fake profiles to execute sophisticated social engineering campaigns targeting professionals