Pandemic-Influenced Car Shopping: Just Use the Manufacturer API

Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes. The pandemic has…

Omicron Phishing Scam Already Spotted in UK

Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data. The global pandemic has provided cover for all sorts of phishing scams over the past…

What Are Your Top Cloud Security Challenges? Threatpost Poll

We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll! There are myriad…

Threat Group Takes Aim Again at Cloud Platform Provider Zoho

Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio. State-backed adversaries expanded attacks against cloud platform company Zoho and its…

‘Double-Extortion’ Ransomware Data Leaks Skyrocket 935%

Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found. The ransomware business is booming, and feeble corporate security and a flourishing…

Planned Parenthood Breach Opens Patients to Follow-On Attacks

Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information. Planned Parenthood’s Los Angeles (PPLA) division has been…

AT&T Takes Steps to Mitigate Botnet Found Inside Its Network 

AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem. AT&T is taking action to take down a botnet…

Hackers are turning to this simple technique to install their malware on PCs

Nation state-backed hacking groups are exploiting a simple but effective new technique to power phishing campaigns for spreading malware and stealing information that’s of interest to their governments.  Cybersecurity researchers at Proofpoint say…

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts. The plugin “Variation Swatches for WooCommerce,” installed across 80,000…

Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments

Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang. A threat actor tracked as WIRTE has been assaulting Middle East governments since…