New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics – OfficialSarkar

Oct 31, 2024Ravie LakshmananSpyware / Mobile Security Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. “While the iOS implant delivery method closely mirrors that of the macOS version, the…

LottieFiles Issues Warning About Compromised “lottie-player” npm Package – OfficialSarkar

Oct 31, 2024Ravie LakshmananCryptocurrency / Software Development LottieFiles has revealed that its npm package “lottie-player” was compromised as part of a supply chain attack, prompting it to release an updated version of the library. “On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player…

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites – OfficialSarkar

Oct 31, 2024Ravie LakshmananVulnerability / Website Security A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. “The plugin…

Unveiling Hidden Threats to Corporate Identities – OfficialSarkar

Oct 31, 2024The Hacker NewsIdentity Security / Browser Security In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities…

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack – OfficialSarkar

Oct 30, 2024Ravie LakshmananRansomware / Threat Intelligence Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as…

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware – OfficialSarkar

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta’s advertising platform and hijacked Facebook accounts to distribute an information stealer known as SYS01stealer. “The hackers behind the campaign use trusted brands to expand their reach,” Bitdefender Labs said in a report shared with The Hacker News. “The malvertising campaign leverages nearly a hundred malicious domains,…

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information – OfficialSarkar

Oct 30, 2024Ravie Lakshmanan Browser Security / Vulnerability A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs…

Embarking on a Compliance Journey? Here’s How Intruder Can Help – OfficialSarkar

Oct 30, 2024The Hacker NewsVulnerability / Compliance Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements…

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code – OfficialSarkar

Oct 30, 2024Ravie LakshmananCybercrim / Cryptocurrency Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims’ crypto wallets. The package, named “CryptoAITools,” is said to have been distributed via both Python Package Index (PyPI) and bogus…

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models – OfficialSarkar

Oct 29, 2024Ravie LakshmananAI Security / Vulnerability A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part…