Apple Safari exposes users to fullscreen browser-in-the-middle attacks

A weakness in Apple’s Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. By abusing the Fullscreen API, which instructs any content on a webpage to enter the browser’s fullscreen viewing mode, hackers can exploit the shortcoming to make guardrails less visible on Chromium-based browsers and […]

US sanctions firm linked to cyber scams behind $200 million in losses

The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. Funnull facilitated virtual currency investment scams (also known as romance baiting and pig butchering) by buying IP addresses in bulk from various cloud service […]

Windows 10 KB5058481 update brings seconds back to calendar flyout

Microsoft has released the optional KB5058481 preview cumulative update for Windows 10 22H2 with seven changes, including restoring seconds to the time display in the calendar flyout for those who previously lost it. The KB5058481 cumulative update preview is part of Microsoft’s “optional non-security preview updates” schedule, typically released at the end of every month. […]

Windows 11 KB5058499 update rolls out new Share and Click to Do features

​​Microsoft has released the KB5058499 preview cumulative update for Windows 11 24H2 with forty-eight new features or changes, with many gradually rolling out, such as the new Windows Share feature and tje Click to Do Preview. The KB5058499 update is part of the company’s optional non-security preview updates schedule, which releases updates at the end of each month to […]

APT41 malware abuses Google Calendar for stealthy C2 communication

The Chinese APT41 hacking group uses a new malware named ‘ToughProgress’ that exploits Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. The campaign was discovered by Google’s Threat Intelligence Group, which identified and dismantled attacker-controlled Google Calendar and Workspace infrastructure and introduced targeted measures to prevent such abuse in […]

New PumaBot botnet brute forces SSH credentials to breach devices

A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. The targeted nature of PumaBot is also evident by the fact it targets specific IPs based on lists pulled from a command-and-control (C2) server instead of broader scanning of the internet. Targeting surveillance cams Darktrace […]

DragonForce ransomware abuses SimpleHelp in MSP supply chain attack

The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers’ systems. Sophos was brought in to investigate the attack and believe the threat actors exploited a chain of older SimpleHelp vulnerabilities tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726 to […]