New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Read more…

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country’s emergence as an influential power has drawn the attention of cyber espionage groups. “North Korean government-backed actors have Read more…

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. “The state actor behind this Read more…

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. “The majority of the attributed malicious samples targeted financial institutions and government industries,” Read more…

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that’s designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library Read more…