Security Bulletin

Already exploited by attackers is the "LNK Stomping" method, which involves a Windows shortcut file management vulnerability that disregards Windows Mark of the Web, according to an Elastic Security Labs analysis.

Microsoft claims 50,000 organizations are using its new Copilot Creation tool, but researcher Michael Bargury demonstrated at Black Hat USA ways it could unleash insecure chatbots.

Included in the leaked 227 GB trove of data were individuals' names, addresses, states, counties, cities, and ZIP codes, as well as their Social Security numbers.

Operations of the affected museums, some of which are venues for the Summer Olympics, have not been disrupted, but while Louvre Chief of Staff Matthias Grolier denied the incidence of a ransomware attack, unknown threat actors have threatened to...

While Mobile Guardian disclosed the attack to have impacted a "small percentage" of iOS and ChromeOS devices worldwide, nearly 13,000 iPads and Chromebooks across over two dozen Singaporean secondary schools were noted by the country's Ministry of...

Malicious apps spoofing Alipay or an Android system service have been used to distribute LianSpy, which when executed uses admin privileges to ensure background operation or seeks several permissions to enable extensive device access.

Attackers commenced the operation with the deployment of dropper that could evade protections in Android 13 and newer devices before displaying a fraudulent CRM login page requesting an employee ID, which when performed facilitates the installation...

North Korean threat operation Stressed Pungsan, which is associated with state-backed hacking collective Moonstone Sleet, has sought to compromise Windows systems with a pair of malicious npm packages "harthat-api" and "harthat-hash."

Increasingly prevalent cybersecurity threats and varied security goals among organizations have prompted the addition of a new Investigations Management tool in Flashpoint Ignite, which would enable not only data gathering, asset mapping, and threat...

Attackers using an email address similar to one of the organization's suppliers were able to lure the firm to pay $42.3 million to a Timor Leste-based account, which was only realized to be fraudulent after complaints from the real supplier, reported...

Most of the funds passing through the service, amounting to $80 million, were from high-risk exchanges, while $54 million were from addresses linked to cyberattacks and cryptocurrency exfiltration activities.

Aside from executing PowerShell scripts enabling in-memory operation of ShadowPad and Cobalt Strike retrieval, APT41 also leveraged Mimikatz to facilitate password collection and further information-gathering activities before proceeding with the...