Odd NuGet package for industrial equipment raises espionage concernsLaura FrenchMarch 28, 2024The open-source .NET package stealthily exfiltrates screenshots from BOZHON equipment.
Identity‘Darcula’ phishing platform targets postal organizations worldwideSteve ZurierMarch 28, 2024Netcraft researchers say the Chinese-language PhaaS platform targeted postal organization in more than 100 countries, including USPS.
Network SecurityGoogle: Zero-day exploits increasingly target enterprise technologiesSimon HenderyMarch 28, 2024An analysis found threat actors are increasingly targeting enterprise-specific technologies.
IdentityApple ID ‘push bombing’ scam campaign hits cyber startup foundersLaura FrenchMarch 27, 2024Attackers trigger hundreds of password reset prompts in an attempt to take over iCloud accounts.
Vulnerability ManagementRockwell Automation posts advisories on 10 new bugsSteve ZurierMarch 27, 2024CISA encouraged security teams handling industrial control systems to review and mitigate the Rockwell Automation bugs.
Network SecurityFortinet FortiClient EMS SQL injection flaw exploited in the wildLaura FrenchMarch 26, 2024A PoC exploit is available for the critical flaw, which was added to CISA’s KEV catalog Monday.
Network SecurityFlaw in Ray AI framework potentially leaks sensitive data of workloadsSteve ZurierMarch 26, 2024Threat actor targets AI workloads, believed to be first exploited in the wild.
Data SecurityGoFetch: Apple chips vulnerable to encryption key stealing attackLaura FrenchMarch 25, 2024Data memory-dependent prefetching can enable side-channel extraction of cryptographic secrets.
Network SecurityStrelaStealer malware hits more than 100 EU and US organizationsSteve ZurierMarch 25, 2024Security pros say StrelaStealer uses control flow obfuscation — a technique that lets the threat actor better evade detection and reverse engineering.