Security News

The group uses pretty standard open source tooling and social engineering to burrow into high-level government agencies across the globe.

On the Dark Web, stolen secrets are your enemy, and context is your friend.

WordPress users of miniOrange’s Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw.
The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. It impacts the following versions of the two plugins –

Malware Scanner (versions

The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America.
“The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated

The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. […]

On February 29, US President Joe Biden announced “unprecedented actions to ensure that cars on US roads from countries of concern like China do not undermine our national security.” He asked the Commerce Department to launch an advanced rulemaking (ANPRM) on connected vehicles with technology from those countries and to take action to respond to the risks.

Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft’s Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. […]