HeartCrypt’s wholesale impersonation effort
How the notorious Packer-as-a-Service operation built itself into a hydra
The Data Protection Commission has today launched its Annual Report for 2024 and released the results of its first Public Attitudes Survey. From their press release: "Highlights of the 2024 Annual Report: The DPC issued 11 finalised inquiry decisions resulting in administrative fines totalling €652 million during 2024. Multiple reprimands and compliance orders were also imposed…."
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID “466192044.” Unlike other disclosures, Google has opted to keep information about the CVE…
Continuous Integration and Continuous Delivery/Deployment (CI/CD) refers to practices that automate how code is developed and released to different environments. CI/CD pipelines are fundamental in modern software development, ensuring code is consistently tested, built, and deployed quickly and efficiently. While CI/CD automation accelerates software delivery, it can also introduce security
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of…
Keenan & Associates is a benefits consulting and insurance brokerage provider in California, providing services to several sectors, including healthcare entities and educational facilities. Between August 21, 2023 and August 27, 2023, an unauthorized user accessed information relating to certain of Keenan’s customers, including names, dates of birth, Social Security numbers, passport numbers, driver’s license…
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent security researcher Marek Tóth,