Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer Read more…
NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. “NoviSpy allows for capturing sensitive personal data Read more…
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. “By targeting the implicit trust Read more…
Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. “These particular vulnerabilities represent a milestone for automated vulnerability Read more…
Google's New Restore Credentials Tool Simplifies App Login After Android Migration Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android’s Credential Manager API, the feature aims to reduce the Read more…
New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D’ Luffy) Read more…
Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine Nov 04, 2024Ravie LakshmananArtificial Intelligence / Vulnerability Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described Read more…
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity Oct 16, 2024Ravie LakshmananEndpoint Security / Malware Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected “threat Read more…
Thief Raccoon – Login Phishing Tool Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. This tool is intended to raise awareness about cybersecurity threats and help users understand the importance of security measures like 2FA and password Read more…
INTEL – OSINT and Cyber Intelligence Tool Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity professionals. Pip-Intel utilizes Python-written pip Read more…