A threat actor called "BlackTech" has been targeting the Asia-Pacific region's technology, research, and government sectors. The attacks deliver an updated version of the modular backdoor named "Waterbear," and its enhanced successor, "Deuterbear." According to Trend Micro researchers, Waterbear is notoriously complex, using multiple evasion mechanisms to avoid detection and analysis. In 2022, "Earth Hundun" started using the new version of Waterbear, which includes several changes, such as anti-memory scanning and decryption routines.

A financially motivated criminal hacking group that calls itself "GhostR" claims to have stolen a confidential database containing millions of records companies use to screen potential customers for links to sanctions and financial crime. The hackers claimed they stole 5.3 million records from the World-Check screening database in March and are threatening to release the data online.

According to a new Egress report, quishing attacks, a type of phishing involving QR codes, have increased significantly, jumping from 0.8 percent in 2021 to 10.8 percent in 2024. The report also highlighted a decrease in attachment-based payloads, which fell from 72.7 percent to 35.7 percent during the same period. Impersonation attacks have persisted, with 77 percent posing as well-known brands, such as DocuSign and Microsoft.

The US Cybersecurity and Infrastructure Security Agency (CISA) held the final round of the fifth annual President's Cup Cybersecurity Competition and announced the winners. The President's Cup is a national competition that honors the top federal cybersecurity talent. This year's winning team, known as "Artificially Intelligent," consisted of members from the Department of Defense (DOD), the US Army, and the US Air Force.

A new infostealer malware linked to "Redline" masquerades as a game cheat called "Cheat Lab," promising downloaders a free copy if they persuade their friends to install it. Redline can steal sensitive data from infected computers, such as passwords, cookies, autofill information, and cryptocurrency wallet information. The malware is popular among cybercriminals and is widely distributed around the world via various channels.

According to a new report from Onapsis and Flashpoint, malicious hackers are increasingly interested in compromising organizations' SAP applications and data. This interest is suspected to be fueled by SAP application migrations to the cloud, as well as adversaries' increased ability to target misconfigurations and missing security patches in both cloud and on-premises deployments. Ransomware attacks against SAP systems have increased 400 percent over the past few years. On hacker forums, talks about SAP flaws and exploits increased by 490 percent, while discu

A threat actor has been using a cluster of domains posing as legitimate IP scanner software sites to distribute malware through a Windows backdoor dubbed "MadMxShell." According to Zscaler ThreatLabz, the threat actor registered multiple look-alike domains using a typosquatting technique. Then they used Google Ads to push the fraudulent domains to the top of search engine results for specific search keywords, luring potential victims to these IP scanner websites.

An exploit of Palo Alto Networks' Extended Detection and Response (XDR) software could have enabled attackers to manipulate it as a malicious multitool. Shmuel Cohen, a security researcher at SafeBreach, explained how he reverse-engineered and cracked the company's Cortex product. He used it to deploy a reverse shell and ransomware.

The Akira ransomware gang has targeted over 250 organizations in the last year and continues to affect various businesses and critical infrastructure entities in North America, Europe, and Australia, according to recent warnings from the Federal Bureau of Investigation (FBI) and European law enforcement.