Latest Cybersecurity News and Articles


William Wragg resigns from two Commons roles after divulging MPs’ phone numbers

08 April 2024
William Wragg resigns from two Commons roles after divulging MPs’ phone numbers Tory MP resigns committee roles after apology for role in parliamentary sexting scandalThe Conservative MP who divulged colleagues’ personal phone numbers to someone he met on a dating app as part of a parliamentary sexting scandal has stepped down from two Commons roles, it has been reported.William Wragg has resigned as chair of the Commons’ public administration and constitutional affairs committee and also quit his post as the vice-chair of the 1922 Committee of Conservative backbenchers after admitting to giving the information to a man he met, according to reports. Continue reading...

Escalation of Fake E-Shop Campaign Threatens Banking Security in Multiple Regions

08 April 2024
The threat actor behind the fake e-shop campaign leverages tools such as the open-source string obfuscator “Paranoid” and the Janus WebRTC module, showcasing a deep understanding of technological intricacies to evade detection and amplify impact.

No 10 tells MPs to be cautious about unsolicited messages after attempted ‘honeytrap’

08 April 2024
No 10 tells MPs to be cautious about unsolicited messages after attempted ‘honeytrap’ Message comes as pressure builds on Tories to take disciplinary action against MP William WraggUK politics – latest updatesDowning Street has urged MPs to be cautious when responding to unsolicited messages, after the “spear-phishing” attack that targeted more than a dozen MPs, staff and journalists working in Westminster.Number 10 issued the warning on Monday morning, days after two police forces launched an investigation into what is being described as an attempted “honeytrap”. Continue reading...

Hotel Check-In Terminal Leaks Rafts of Guests' Room Codes

08 April 2024
Martin Schobert at Swiss security firm Pentagrid discovered that an attacker could input a series of six consecutive dashes (------) in place of a booking reference number and the terminal would return an extensive list of room details.

Fake Facebook MidJourney AI Page Promoted Malware to 1.2 Million People

08 April 2024
Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware.

Google Sues Crypto Investment App Makers Over Alleged Massive “Pig Butchering” Scam

08 April 2024
Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps.

Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks

08 April 2024
Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has described V8 Sandbox as a lightweight, in-process sandbox

Hackers can Use AI Hallucinations to Spread Malware

08 April 2024
One security researcher investigating AI-hallucinated libraries said late last month that he found chatbots calling for a nonexistent Python package dubbed "huggingface-cli."

Security leaders discuss the U.S. Treasury's concerns regarding AI

08 April 2024
The U.S. Department of the Treasury released a report regarding cybersecurity threats in the financial sector, specifically related to AI. 

Over 92,000 Internet-Facing D-Link NAS Devices can be Easily Hacked

08 April 2024
A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, that impacts multiple end-of-life D-Link NAS device models.

US Chamber of Commerce, Industry Groups Call for 30-Day Delay in CIRCIA Rules

08 April 2024
The U.S. Chamber of Commerce and multiple industry leaders are calling for a month-long extension of the 60-day comment period for a new incident reporting rule being issued by the top cybersecurity agency in the U.S.

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

08 April 2024
Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it's designed to retrieve

The Drop in Ransomware Attacks in 2024 and What it Means

08 April 2024
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure

Permiso Secures $18.5 Million in Series A Funding to Fortify Cloud Identity Security Landscape

08 April 2024
According to Silicon Angle, this significant injection of capital is spearheaded by Altimeter Capital Management LP, with notable participation from Point72 Ventures LLC, marking a new milestone for the company founded in 2020.

UK: Police Launch Inquiry After MPs Targeted in Apparent ‘Spear-Phishing’ Attack

08 April 2024
A police investigation has been launched after MPs were apparently targeted in a “spear-phishing” attack, in what security experts believe could be an attempt to compromise the UK Parliament.

Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft

08 April 2024
Cloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, namely shared Inference infrastructure takeover and shared CI/CD takeover.

Persistent Magento Backdoor Hidden in XML

08 April 2024
Attackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly crafted layout template in the database, which was used to automatically inject malware.

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

08 April 2024
A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado said. The email message, the company said, originates from an email

Google Sues App Developers Over Fake Crypto Investment App Scam

08 April 2024
Google has filed a lawsuit against two app developers for engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns. The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam Cheung (aka

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

06 April 2024
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of