Hackers breached the Canadian process-outsourcing giant Telus Digital and may have accessed data belonging to the firm's customers, which include major telecommunications, financial services, healthcare and media businesses. "All business operations … remain fully operational and there is no evidence of disruption to customer connectivity or services," Telus Digital said in a statement late last week. READ MORE...
A suspected wiper attack against medtech giant Stryker has led much of the security community to examine the role of Microsoft Intune. Stryker, a Portage, Mich.-based specialist in surgical equipment, was hacked last week in an attack that affected thousands of mobile devices and other systems. The company, in a regulatory filing, confirmed the attack impacted its Microsoft environment and warned in a customer update that its electronic ordering systems remain unavailable. READ MORE...
Attackers have found yet another innovative way to conduct phishing attacks by abusing the customer support platform LiveChat, using real-time social engineering to steal a range of sensitive user data. Researchers from Cofense's Phishing Defense Center (PDC) discovered a campaign that impersonates Amazon and PayPal to engage with victims via online chat, coercing them through what seems like a trusted, personal interaction to share data such as account credentials, credit card details, etc. READ MORE...
Cybercrime has skyrocketed since the start of the Iran war, according to Akamai, which reports a 245 percent increase in everything from credential harvesting attempts to automated reconnaissance traffic aimed at banks and other critical businesses. Banking and fintech have been the hardest hit, accounting for 40 percent of the malicious traffic since February 28, followed by e-commerce (25%), video games (15%), technology firms (10%), and media and streaming services (7%). READ MORE...
The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research. GlassWorm is a family of malware that first emerged last year with the goal of infecting software developers with infostealers, which attackers would use for downstream attacks. A developer would download a component poisoned by GlassWorm, the malware would steal secrets and credentials, and then the attacker would abuse this access to publish poisoned versions of projects. READ MORE...
In recent years, ClickFix and fake CAPTCHA techniques have become a popular way for cybercriminals to distribute malware. Instead of exploiting a technical vulnerability, these attacks rely on convincing people to run malicious commands themselves. Our researchers have recently detected a campaign that ultimately delivers the Vidar infostealer, using several different infection chains. READ MORE...
A researcher published "Zombie ZIP," a simple way to change the first part (header) of a ZIP file so it falsely claims its contents are uncompressed while they are actually compressed. Many antivirus products trust that header and never properly decompress or inspect the real payload. In tests conducted about a week after disclosure, around 60 of 63 common antivirus suites failed to detect malware hidden this way; roughly 95% of engines let it pass. READ MORE...
The US cybersecurity agency CISA on Monday warned that a year-old Wing FTP vulnerability has been exploited in the wild. A free secure FTP server for Windows, macOS, and Linux, Wing FTP supports multiple file transfer protocols and allows administrators to manage and monitor the server remotely from a web-based interface. Tracked as CVE-2025-47813, the medium-severity flaw could lead to the disclosure of the full local installation path of the application. READ MORE...
After decades of development, quantum computing is now becoming increasingly available for advanced scientific and commercial use. The potential marvels range from accelerating drug discovery and materials science, to optimizing complex logistics and financial modeling. But there's a paradox to this trend: Quantum computing also poses a growing threat to data security. The risk is that currently used security methods could eventually be broken by malicious actors using quantum computing. READ MORE...