Cybersecurity Articles
105/68 Tuesday, March 18, 2025 GitHub developers are being targeted in a large-scale phishing campaign that uses fake security alerts to trick users into approving a malicious OAuth app. Attackers send deceptive notifications warning of an “unusual access attempt” from Reykjavik, Iceland, citing a suspicious IP address 53.253.117.8 to create urgency. The notification includes a […]
104/68 Monday, March 17, 2025 Cybersecurity researchers have uncovered a malicious campaign using fake packages in the Python Package Index (PyPI) to steal sensitive data, including cloud access tokens. According to ReversingLabs, 20 malicious packages were identified in two separate sets, collectively downloaded over 14,100 times before being removed from PyPI. The most downloaded malicious […]
103/68 Monday, March 17, 2025 Cybersecurity firm Group-IB has revealed that since August 2024, state-sponsored hacker groups (APT groups) and cybercriminals have increasingly used the ClickFix technique in data-stealing malware attacks. ClickFix is a social engineering deception that leverages JavaScript on web pages to display fake system update alerts or reCAPTCHA verification prompts. When victims […]
102/68 Friday, March 14, 2025 Microsoft has released its March 2025 Patch Tuesday security update, addressing a total of 56 vulnerabilities across various products, including Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server. Among these, six zero-day vulnerabilities have been actively exploited […]
101/68 Friday, March 14, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a warning regarding the Medusa ransomware, which has impacted more than 300 organizations across critical sectors such as healthcare, education, law, insurance, technology, and manufacturing since […]
100/68 Thursday, March 13, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities affecting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) Catalog: CISA has identified that the Vietnam-based cybercrime group XE Group is actively exploiting VeraCore vulnerabilities to infiltrate target systems, deploying reverse shells and […]
99/68 Thursday, March 13, 2025 The North Korean state-sponsored hacking group Lazarus has resurfaced, employing typosquatting tactics to distribute malicious npm packages. These fake packages mimic popular ones, tricking developers into downloading and installing malware. Researchers from the Socket Research Team discovered six such malicious packages, which have already been downloaded over 330 times. The […]
98/68 Wednesday, March 12, 2025 The RansomHouse group has claimed responsibility for hacking Loretto Hospital in Chicago, allegedly stealing 1.5TB of data. However, no evidence of the attack has been publicly disclosed yet. Loretto Hospital is a nonprofit healthcare provider founded in 1939, offering services in primary care, behavioral health, women’s health, pediatric medicine, and […]
97/68 Wednesday, March 12, 2025 FortiGuard Labs of Fortinet has reported the discovery of over 1,000 malicious software packages that employ techniques to conceal harmful code within small files, deploying hidden scripts without user awareness. The report highlights emerging cybercriminal attack trends and methods, which could impact both organizations and individual users lacking robust security […]
96/68 Tuesday, March 11, 2025 The U.S. Department of Justice (DOJ) has announced the seizure of the online infrastructure of Garantex, a major cryptocurrency exchange accused of laundering billions of dollars and violating economic sanctions. U.S. authorities, in cooperation with European agencies, seized Garantex’s primary domain and hosting servers, effectively shutting down the platform. Garantex […]
