NSO zero-click iMessage exploit hacks iPhone without need to click links

The IT security researchers at Google have declared the NSO zero-click iMessage exploit as “Terrifying.” Google Project Zero’s (GPZ) Ian Beer and Samuel Groß have shared details on a new…

Brazil investigates use of staff credentials in cyberattacks against government bodies

Following major cyberattacks against central government bodies in Brazil, initial investigations have found that malicious actors have used civil servant credentials to access systems. The finding is among a series…

Google: This zero-click iPhone attack was incredible and terrifying

Google has explained how surveillance company NSO Group developed an exploit that would allow users of its software to gain access to an iPhone and install spyware – without a…

French Users and Orgs Targeted by TinyNuke Info-Stealing Malware

According to security researchers, the TinyNuke banking malware (also known as Nukebot) has resurfaced in a new operation exclusively targeting French users and organizations with invoice-themed email lures. The targets…

REvil/Sodinokibi Ransomware: Origin, Victims, Prevention Strategies

This post is also available in: Danish Cyberattacks have become a part of our reality, but have you ever wondered what might happen if your company gets targeted? You probably…

Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity

E-commerce’s proverbial Who-ville is under siege, with a rise in bots bent on ruining gift cards and snapping up coveted gifts for outrageously priced resale. The festive season is moving…

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm)…

Top tools for mobile android assessments

Infosec Institute –  Infosec Institute –  We are living in an era where digital transformation has a vital role in our lives. With this expansion, some objects have become indispensable…

Windows 10 Drive-By RCE Triggered by Default URI Handler

There’s an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed. Researchers have discovered a drive-by remote code-execution (RCE) bug…

Are You Guilty of These 8 Network-Security Bad Practices?

Tony Lauro, director of Security Technology & Strategy at Akamai, discusses VPNs, RDP, flat networks, BYOD and other network-security bugbears. They say the first step in addressing a serious issue…