Iranian state-backed hacking group APT 25 (also known as Charming Kitten, Phosphorus, Ajax Security Team, NewsBeef and Newscaster) has updated its attack techniques to carry out a spearphishing campaign targeting US President Donald Trump’s re-election campaign, according to recent research[pdf] by ClearSky Cyber Security. The report states that the new attack

Last month, cybersecurity firm Imperva announced that the data of a “subset of customers” of Imperva’s Cloud Web Application Firewall was exposed in a “security incident” in September 2017. This week, the company published an analysis of the breach, which shows that the incident was made possible by the company

Two European web forums serving sex workers and their customers have been breached by a Bulgarian threat actor who is now selling 330,000 stolen user records on underground marketplaces. The hacker, who uses the moniker InstaKilla, exploited a recently disclosed critical vulnerability in vBulletin in order to steal 300,000 records

A cybercrime victim whose QNAP network-attacked storage (NAS) device was recently infected with Muhstik ransomware decided to try and hack back the attackers, which was a rather successful effort: the victim managed to obtain nearly 3,000 decryption keys for Muhstik ransomware victims, which he released for free. Muhstik ransomware has

Iranian hackers recently targeted a US presidential campaign as well as various government officials (including former officials) and journalists, an investigation by Microsoft found. Between August and September of this year, a total of 241 user accounts were attacked by the infamous Iranian state-backed hacking group known as APT 25,

A new report by Thales and Verint provides an extensive overview of the major threat groups operating in cyberspace. The study looks at the campaigns of around 60 hacking groups over a one-year period. About 50% of the actors under scrutiny were funded by governments and worked to steal confidential

Researchers with Palo Alto Networks say that a hacking group dubbed “PKPLUG” was responsible for a number of previously unattributed cyber-espionage campaigns targeting people in various Asian countries. PKPLUG has been active since at least 2013 and has targeted individuals in Mongolia, Myanmar, Tibet, Vietnam, Indonesia and Taiwan as well as

Earlier this week, the New York Times covered what it referred to as an “attack on Egyptian journalists, academics, lawyers, opposition politicians and human rights activists.” The report was based on recent research by Check Point, which in turn followed a report by Amnesty from March of this year. Check

A security researcher using the moniker “Awakened” has uncovered a security flaw in WhatsApp that could make it possible for hackers to steal data from devices running the popular messaging app merely by targeting users with nefarious GIFs. After a malicious image is sent to the victim’s phone, it will

Customer service software company Zendesk experienced a data breach in 2016 that impacted around 10,000 corporate customers, the company announced on Wednesday. Zendesk found out about the breach through a third-party and launched an investigation into the matter, which confirmed that the compromised data includes the full names, contact information,