Author name: Biswajit Pradhan

The Post Millennial hack leaked data impacting 26 million people

Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website. The Post Millennial is a conservative Canadian online news magazine belonging to the Human Events Media Group, which also operates the American ‘Human Events’ news platform. Earlier this month, both news platforms were hacked, […]

CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources

CISA, in partnership with the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and international partners, released Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society. The joint guidance provides civil society organizations and individuals with recommended actions and mitigations to reduce the risk of cyber intrusions. Additionally, the guide encourages

Largest non-bank lender in Australia warns of a data breach

Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. Firstmac is a significant player in Australia’s financial services industry, focusing primarily on mortgage lending, investment management, and securitization services. Headquartered in Brisbane, Queensland, and employing 460 people,

Google Chrome emergency update fixes 6th zero-day exploited in 2024

Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks. This fix comes only three days after Google addressed another zero-day vulnerability in Chrome, CVE-2024-4671, caused by a use-after-free weakness in the Visuals component. The latest bug is tracked as CVE-2024-4761. It is an

Hackers use DNS tunneling for network scanning, tracking victims

Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. DNS tunneling is the encoding of data or commands that are sent and retrieved via DNS queries, essentially turning DNS, a fundamental network communication component, into a covert communications channel. The threat actors encode

INC ransomware source code selling on hacking forums for $300,000

A cybercriminal using the name “salfetka” claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. INC has previously targeted the U.S. division of Xerox Business Solutions (XBS), Yamaha Motor Philippines, and, more recently, Scotland’s National Health Service (NHS). Simultaneously with the alleged sale, the INC Ransom operation is undergoing changes that

FCC reveals Royal Tiger, its first tagged robocall threat actor

The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor ‘Royal Tiger,’ a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. Royal Tiger, a group of bad actors operating from India, the United Kingdom, the United Arab Emirates, and the

Apple backports fix for RTKit iOS zero-day to older iPhones

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. In security advisories published today, Apple once again said they’re aware of reports that this vulnerability “may have been actively exploited.” The flaw is a memory corruption issue in Apple’s RTKit real-time

PyPi package backdoors Macs using the Sliver pen-testing suite

A new package mimicked the popular ‘requests’ library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. Discovered by Phylum, the campaign involves several steps and obfuscation layers, including using steganography in a PNG image file to covertly install the Sliver payload on

Botnet sent millions of emails in LockBit Black ransomware campaign

Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. As New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) warned on Friday, the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients’ systems if launched. The LockBit
