Feb 26, 2025Ravie LakshmananMalware / Cryptocurrency Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer. The package in question is automslc, which has been… Read More "Malicious PyPI Package “automslc” Enables 104K+ Unauthorized Deezer Music Downloads"
Feb 26, 2025Ravie LakshmananNetwork Security / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan… Read More "CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries"
Feb 26, 2025The Hacker NewsIdentity Protection / Password Security Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However,… Read More "Three Password Cracking Techniques and How to Defend Against Them"
A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security… Read More "Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites"
Feb 26, 2025Ravie LakshmananLinux / Endpoint Security Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks… Read More "New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems"
More than a year’s worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members. The Russian-language chats… Read More "Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts"
Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it’s clear this isn’t just a human problem—it’s a math problem. There are simply too many threats… Read More "SOC 3.0 – The Evolution of the SOC and How AI is Empowering Human Talent"
Feb 26, 2025Ravie LakshmananEnterprise Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on… Read More "CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation"
