CISA and FBI Warn of Ghost Ransomware Which has Breached Organizations in 70 Countries

Names linked to this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture, with ransomware samples used in their attacks including Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.

Proof-of-Concept Exploit Released for Four Ivanti Vulnerabilities

Horizon3.ai researchers on Wednesday released technical details and a proof-of-concept (PoC) exploit for four critical Ivanti vulnerabilities that were first disclosed and patched last month.

The Bleeding Edge of Phishing: darcula-suite 3.0 Enables DIY Phishing of Any Brand

A new version of the phishing-as-a-service (PhaaS) platform "Darcula" is launching, with a feature that allows anyone to spoof any brand online, with no technical skill required.

Over 330 Million Credentials Compromised by Infostealers

Infostealers became one of the “most significant initial access vectors” in the threat landscape last year, with one threat intelligence company claiming to find over 330 million compromised credentials linked to the malware.

Darcula PhaaS can now auto-generate phishing kits for any brand

The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features being the ability to create do-it-yourself phishing kits to target any brand.

Two critical vulns lead to stolen MongoDB data, RCE

Security sleuths found two critical vulnerabilities in a third-party library that MongoDB relies on, which means bad guys can potentially steal data and run code. Mongoose also has two critical security flaws.

Fake Chrome Update Delivers DriverEasy Malware by Abusing Dropbox

A recent investigation has uncovered a malicious application, DriverEasy, masquerading as a legitimate Google Chrome update to steal user credentials. The malware leverages Dropbox’s API to exfiltrate sensitive information.

Stately Taurus Activity in Southeast Asia Links to Bookworm Malware

While analyzing infrastructure related to Stately Taurus activity targeting organizations in countries affiliated with ASEAN, Unit 42 researchers observed overlaps with infrastructure used by a variant of the Bookworm malware.

DeceptiveDevelopment targets freelance developers

North Korea-aligned cybercriminals, known as DeceptiveDevelopment, have been targeting freelance software developers with fake job offers to steal cryptocurrency wallets and login information.

Sophisticated Payment Card Skimming Campaign Conceals Itself by Leveraging Stripe API

The attack employs an innovative technique that exploits Stripe’s deprecated API to verify card details before exfiltration – ensuring only valid payment information is harvested while maintaining a seamless customer experience that evades detection.
