[ad_1] Hacking group StrongPity APT distributes fake Shagle chat app which is a trojanized version of Telegram app for Android with an additional backdoor. Shagle is a legit random video chat platform allowing strangers to talk through an encrypted communication…
[ad_1] GitHub has introduced a new option to configure code analysis for a repository called "default configuration", designed to help developers configure it automatically with just a few clicks. While the CodeQL code analysis engine, which powers GitHub's code analysis,…
[ad_1] Kinsing malware now actively breaches Kubernetes clusters by exploiting known weaknesses in container images and misconfigured and exposed PostgreSQL containers. While these tactics aren't new, Microsoft's Defender for Cloud team reports that they've seen an increase lately, indicating that…
[ad_1] Online marketplaces selling drugs and other illegal substances on the dark web have started using custom Android apps for increased privacy and to evade law enforcement. Besides ordering, these apps allow store customers to communicate with drug sellers and…
[ad_1] Microsoft has fixed a known issue that breaks provisioning on Windows 11 22H2 systems and leaves enterprise endpoints partially configured and fails to complete installation. The problem was first recognized in October 2022, when Redmond stated that using provisioning…
[ad_1] Auth0 fixed a remote code execution vulnerability in the hugely popular open-source "JsonWebToken" library, used by over 22,000 projects and downloaded over 36 million times per month on NPM. The library is used in open source projects created by…
[ad_1] Threat actors abused an open redirect on the official UK Department for Environment, Food and Rural Affairs (DEFRA) website to direct visitors to fake adult dating sites OnlyFans. OnlyFans is a content subscription service where paid subscribers have access…
[ad_1] Threat authors use a well-designed Pokemon NFT card game website to distribute NetSupport remote access tool and take control over victims' devices. pokemon go website[.]io", which is still online at the time of writing, claims to be home to…
[ad_1] Windows 7 Professional and Enterprise editions will no longer receive Extended Security Updates for Critical and Important vulnerabilities starting Tuesday, January 10, 2023. Microsoft launched the old operating system in October 2009. It has reached its end of support…
[ad_1] Six malicious packages on PyPI, the Python Package Index, have been discovered installing information-stealing and RAT (remote access Trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for the remote access. Malicious packages attempt to steal sensitive user…
