CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that’s currently under attack.
Автор: Rob Wright
Evilginx Tool (Still) Bypasses MFA
Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens.
Fake DeepSeek Ads Spread Malware to Google Users
Popularity of the generative AI platform makes it an obvious choice for cybercriminals abusing Google-sponsored search results, according to researchers.
Why It’s So Hard to Stop Rising Malicious TDS Traffic
Cybersecurity vendors say threat actors’ abuse of traffic distribution systems (TDS) is becoming more complex and sophisticated — and much harder to detect and block.
Cybercriminals Taking Advantage of ‘Shadow’ Alliances, AI
A Europol report says nation-state actors are increasingly working with organized crime networks to achieve geopolitical goals, including the destabilization of the EU.
OBSCURE#BAT Malware Highlights Risks of API Hooking
Researchers discovered an attack chain that uses several layers of obfuscated batch files and PowerShell scripts to deliver an advanced and persistent rootkit.
China-Backed Hackers Backdoor US Carrier-Grade Juniper MX Routers
Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called "TinyShell."
Zero-Days Put Tens of 1,000s of Orgs at Risk for VM Escape Attacks
More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.