Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that could be exposed by brute-forcing or guessing master passwords.
Zerobot IoT Botnet Adds More Exploits, DDoS Capabilities
The recently detailed Internet of Things (IoT) botnet Zerobot has been updated with an expanded list of exploits and distributed denial-of-service (DDoS) capabilities.
Researchers Link Royal Ransomware to Conti Group
The highly active Royal ransomware is operated by seasoned threat actors who used to be part of Conti Team One, cybersecurity firm Trend Micro reports.
Godfather Android Banking Trojan Targeting Over 400 Applications
The Godfather Android banking trojan has been observed targeting over 400 banking and crypto applications in 16 countries, threat intelligence firm Group-IB warns.
Russian APT Gamaredon Changes Tactics in Attacks Targeting Ukraine
Russia-linked Gamaredon, a hacking group known for providing services to other advanced persistent threat (APT) actors, is one of the most intrusive, continuously active APTs targeting Ukraine, Palo Alto Networks’ Unit 42 warns.
Ukraine’s Delta Military Intelligence Program Targeted by Hackers
New ‘RisePro’ Infostealer Increasingly Popular Among Cybercriminals
A recently identified information stealer named ‘RisePro’ is being distributed by pay-per-install malware downloader service ‘PrivateLoader’, cyberthreat firm Flashpoint reports.
Written in C++, RisePro harvests potentially sensitive information from the compromised machines and then attempts to exfiltrate it as logs.
Foxit Patches Code Execution Flaws in PDF Tools
Foxit Software has rolled out a critical-severity patch to cover a dangerous remote code execution flaw in its flagship PDF Reader and PDF Editor products.
Malicious PyPI Module Poses as SentinelOne SDK
Security researchers with ReversingLabs warn of a new supply chain attack using a malicious PyPI module that poses as a software development kit (SDK) from the cybersecurity firm SentinelOne.
Glupteba Botnet Still Active Despite Google’s Disruption Efforts
An analysis conducted by OT and IoT cybersecurity firm Nozomi Networks shows that the Glupteba botnet is still active following Google’s efforts to disrupt the cybercrime operation.