New Windows Themes zero-day gets free, unofficial patches

Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target’s NTLM credentials remotely. NTLM has been extensively exploited in NTLM relay attacks, where threat actors force vulnerable network devices to authenticate against servers under their control, and pass-the-hash attacks, where they exploit system vulnerabilities or deploy […]

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) vulnerability were mass-targeted in a PSAUX ransomware attack that took almost all instances offline. This week, security researcher DreyAnd disclosed that CyberPanel 2.3.6 (and likely 2.3.7) suffers from three distinct security problems that can result in an exploit allowing unauthenticated remote root access […]

Russian charged by U.S. for creating RedLine infostealer malware

The United States announced charges today against Maxim Rudometov, a Russian national, for being the suspected developer and administrator of the RedLine malware operation, one of the most prolific infostealers over the past few years. These infostealers, marketed to cybercriminals and sold via subscriptions, enable attackers to steal credentials and financial data and bypass multi-factor […]

New tool bypasses Google Chrome’s new cookie encryption system

A researcher has released a tool to bypass Google’s new App-Bound encryption cookie-theft defenses and extract saved credentials from the Chrome web browser. The tool, named ‘Chrome-App-Bound-Encryption-Decryption,’ was released by cybersecurity researcher Alexander Hagenah after he noticed that others were already figuring out similar bypasses. Although the tool achieves what multiple infostealer operations have already added […]

Russia targets Ukrainian conscripts with Windows, Android malware

A hybrid espionage/influence campaign conducted by the Russian threat group ‘UNC5812’ has been uncovered, targeting Ukrainian military recruits with Windows and Android malware. According to Google’s threat intelligence, the campaign impersonated a “Civil Defense” persona along with a website and dedicated Telegram channel to distribute malware through a fake recruitment avoidance app dubbed “Sunspinner” by […]

US says Chinese hackers breached multiple telecom providers

The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States. The breached entities have been warned, and the agencies are proactively alerting other potential targets of the elevated cyber activity. “The U.S. Government is investigating the unauthorized access to commercial […]

Redline, Meta infostealer malware operations seized by police

The Dutch National Police seized the network infrastructure for the Redline and Meta infostealer malware operations in “Operation Magnus,” warning cybercriminals that their data is now in the hands of law enforcement. Operation Magnus was announced on a dedicated website that disclosed the disruption of the Redline and Meta operations, stating that legal actions based on the seized data […]