Security Bulletin

From Liminal: The impact of GenAI on the fraud detection and prevention market.

In a time of increasingly sophisticated cross-domain attacks, relying solely on automated solutions isn't enough.

Widely used apps, including Google Chrome and Visa, have been impersonated by ToxicPanda, which when installed not only aims for privilege escalation and user input modification but also one-time password compromise to facilitate on-device fraud...

Attackers behind the Singtel breach utilized a web shell, noted sources close to the matter. Such a webshell was previously reported by Lumen researchers to have been planted on an anonymous Singaporean entity to secure credentials that were later...

Typosquatted packages for Puppeteer, Bignum.js, and 285 other libraries have been leveraged by threat actors to enable malware compromise and persistent machine access, according to an analysis from Phylum.

When it comes to landing a job in cybersecurity, what does it take to stand out from the pack? Try playing games.

The suspect, tracked as UNC5537, allegedly bragged about hacking several Snowflake victims on Telegram, drawing attention to himself.

The CRON#TRAP campaign involves a novel technique for executing malicious commands on a compromised system.

Bomb threats aimed at polling places traced back to an email account based in Russia.

Researchers say they’ve seen continued reports of these automated email campaigns on the DocuSign community forums for the past five months.

Chinese-speaking adversaries are using a fresh Android banking Trojan to take over devices and initiate fraudulent money transfers from financial institutions across Latin America, Italy, Portugal, and Spain.

The cybercriminal group holding the stolen information is demanding the vendor admit to the breach and pay up.