Fake KPSPico Windows activator tool KPSPico steals crypto wallet data

The malware is dubbed CrypBot is essentially an information stealer that can obtain credentials for cryptocurrency wallets, browsers, credit cards, browser cookies, and capture screenshots from compromised devices. Cybersecurity solutions…

Mozilla properly fuzzed NSS and still ended up with a simple memory corruption hole

When it comes to fuzzing, Mozilla has plenty of cred, and has been doing so for some time, and yet, its prized Network Security Services (NSS) library was busted by…

Yanluowang Ransomware Tied to Thieflock Threat Actor

Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research. A threat actor previously tied to the Thieflock ransomware operation…

Microsoft MSHTML flaw exploited in Gmail and Instagram phishing scam

The attacks started in July 2021 in which threat actors exploited Microsoft MSHTML vulnerability to target overseas Iranians. SafeBreach Labs researchers discovered a new Iranian threat actor trying to steal…

Mozilla ends support for Firefox Lockwise password management app, strands iOS users

Farewell, sweet prince. Image: Mozilla Mozilla has emailed its Lockwise users to inform them that on December 13, it will be ending support for its Lockwise password management app. Lockwise…

Ransomware Phishing Emails Sneak Through SEGs

The MICROP ransomware spreads via Google Drive and locally stored passwords. Secure email gateway (SEG) protections aren’t necessarily enough to stop phishing emails from delivering ransomware to employees, especially if…

A full analysis of the BlackMatter ransomware

BlackMatter is the name given the most recent ransomware in the wild and equipped with the tools and techniques from DarkSide, REvil and LockBit 2.0 ransomware families.  BlackMatter is a…

Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar

The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info. A new Magecart…

New malware lures fake Chrome update to attack Windows PCs

The prime target of this malware campaign is unsuspecting users on Windows 10. Rapid7 Managed Detection and Response team has shared details of their newly identified malware campaign, urging unsuspecting…

Snake Malware Used in Multiple Campaigns

The Snake password-stealing trojan that has been functioning since November 2020 is becoming increasingly prevalent among cybercriminals, becoming one of the most often exploited malware families in cyberattacks. A Look…