Ionut Arghire

The FireScam Android infostealer monitors app notifications and harvests credentials and financial data and sends it to a Firebase database.

Proof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP.

US soldier Cameron John Wagenius was arrested and charged over his suspected connection to presidential phone records leaks.

The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.

Threat actors are exploiting a command injection vulnerability in Four-Faith industrial routers to deploy a reverse shell.

The DoJ has issued a final rule addressing adversaries’ access to and exploitation of Americans’ bulk sensitive personal information.

Cyberhaven and other Chrome extensions were compromised in a supply chain attack targeting Facebook advertising users.

General Dynamics says several benefits accounts were hacked after threat actors targeted employees in a phishing campaign.

American Addiction Centers says the personal information of more than 422,000 people was stolen in a data breach.

Adobe has released patches for a high-severity ColdFusion vulnerability for which proof-of-concept (PoC) code exists.

Ascension Health says the personal, medical, and payment information of 5.6 million people was stolen in a May 2024 ransomware attack.

Sophos has released patches for a critical-severity firewall vulnerability that could lead to remote code execution.

Bitsight has discovered a BadBox botnet consisting of over 190,000 Android devices, mainly Yandex smart TVs and Hisense smartphones.

The Play ransomware group claims to have stolen sensitive data from donut and coffee retail chain Krispy Kreme.

CISA is urging federal agencies to patch a recent critical vulnerability in BeyondTrust remote access products in one week.

In light of recent Chinese hacking into US telecom infrastructure, CISA has released guidance on protecting mobile communications.

Raccoon Infostealer MaaS operator Mark Sokolovsky was sentenced to 60 months in prison in the US and agreed to pay over $910,000 in restitution.

Fortinet has released patches for a critical-severity path traversal vulnerability in FortiWLM that was reported last year.

Google has released a Chrome 131 update to patch multiple high-severity memory safety vulnerabilities, including three affecting the V8 JavaScript engine.

Juniper Networks says a Mirai botnet is ensnaring session smart router devices that are using default passwords.