Donut and Sliver Frameworks

Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks

Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks Jul 03, 2024NewsroomCyber Attack / Malware Cybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like Donut and Sliver. The campaign, believed to be highly targeted in nature, “leverage target-specific infrastructure and custom WordPress Read more…

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware. “The threat actor created a Facebook account with a fake identity disguised as a Read more…

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, Read more…

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Apache Cordova App Harness Targeted in Dependency Confusion Attack Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious Read more…

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt Security researchers have uncovered a “credible” takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. “The OpenJS Foundation Cross Project Council received a suspicious series of Read more…