Cyber Security News

A malicious Chrome installer, ChromeSetup.msi, distributed via drive-by download, delivers a novel Gh0st RAT variant, dubbed Gh0stGambit, that evasively retrieves and executes encrypted payloads.  The RAT is a modified open-source version targeting Chinese-speaking users with...

Threat actors often exploit the cloud services for cryptomining, as doing so allows them to abuse the huge computational resources available.  This enables them to significantly maximize their mining efficiency without bearing any cost. Cybersecurity analysts...

ServiceNow recently disclosed three critical vulnerabilities (CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178) affecting multiple Now Platform versions, allowing unauthenticated remote code execution and unauthorized file access.  The vulnerabilities, with CVSS scores ranging from 6.9 to 9.3, pose...

A newly discovered vulnerability in Google Cloud Platform (GCP) has raised significant security concerns among users and experts alike. The vulnerability, dubbed "ConfusedFunction," involves GCP's Cloud Functions and Cloud Build services, potentially allowing attackers...

The PKfail vulnerability is a significant security issue affecting over 200 device models of Secure Boot. PKfail is a critical firmware supply-chain issue that undermines the Secure Boot process in the UEFI ecosystem. Secure Boot...

A vulnerability in OpenStack's Nova component has been identified, potentially allowing hackers to gain unauthorized access to cloud servers. This vulnerability, tracked as CVE-2024-40767, affects multiple versions of Nova and poses a serious risk...

A North Korean military intelligence operative has been indicted for orchestrating a series of cyberattacks targeting U.S. hospitals, NASA, and military bases, federal prosecutors announced on Thursday. Rim Jong Hyok, a member of the Andariel...

Hackers make use of the cybercrime supply chain for a multitude of illicit purposes like acquiring and distributing malicious tools, services, and stolen data. This collaboration leads them to execute more sophisticated and widespread attacks...

Red Art Games, a prominent publisher and distributor of limited-edition video games, has fallen victim to a cyberattack. The breach has resulted in the exposure of sensitive customer information, causing widespread concern among its...

The FBI and Google-owned Mandiant have recently revealed a sophisticated North Korean hacking group known as APT45. This group, previously dubbed Andariel, has been conducting cyber espionage campaigns globally since at least 2009. It has...