Critical SonicWall VPN Bugs Allow Complete Appliance Takeover

Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances. Critical security vulnerabilities in SonicWall’s Secure Mobile Access (SMA) 100-series VPN appliances could allow an unauthenticated, remote user to…

Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators

The malware’s unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely. Google’s Threat Analysis Group (TAG) has disrupted the blockchain-enabled botnet known as Glupteba, which is made up…

SolarWinds Attackers Spotted Using New Tactics, Malware

One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing. One year after…

Microsoft seizes domains used to attack 29 governments across Latin America, Caribbean, Europe

Microsoft has announced the seizure of dozens of domains used in attacks by the China-based APT group Nickel on governments and NGOs across Europe, the Americas and the Caribbean. In…

Court hands Microsoft control of websites linked to spying by Chinese hackers

Written by Tim Starks, Dec 6, 2021 | CYBERSCOOP
Microsoft obtained a court order to seize websites from a Chinese government-linked espionage group that was using the sites to attack…

Researchers Reveal More Details About SideCopy, the Pakistani Threat Actor Group

A hacking group from Pakistan managed to steal sensitive Facebook, Twitter, and Google credentials. It seems that its targets were Afghan ministries and a shared government computer in India.…

Microsoft MSHTML flaw exploited in Gmail and Instagram phishing scam

The attacks, in which threat actors exploited a Microsoft MSHTML vulnerability to target overseas Iranians, started in July 2021. SafeBreach Labs researchers discovered a new Iranian threat actor trying to steal…

A Microsoft MSHTML Exploited By Hackers

It seems that a newly found Iranian threat actor is stealing Google and Instagram credentials from Farsi-speaking targets all around the world, employing a new PowerShell-based stealer named PowerShortShell. The…

GoDaddy Breach Widens to Include Reseller Subsidiaries

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen. The GoDaddy…