Sophos researchers have detailed a new Racoon Stealer campaign that underscores the evolution of the information-stealer. According to Sophos, the Racoon Stealer has been distributed through a dropper campaign with the goal of stealing cryptocurrencies, cookies, and other valuable information located on target machines. Researchers confirmed that the campaign had

The NSA recently released guidance regarding Kubernetes to aid organizations in deploying the open-source platform without exposing it to hackers seeking to steal data and processing power. The application is utilized by organizations for managing containerized applications. The guidance was a joint publication that was also authored by the DHS’s

According to new information, a breach of Chipotle’s restaurant email marketing service last month has lead to customers being targeted with phishing lures in seemingly legitimate emails that then harvested users’ credentials. This attack mirrors earlier Nobelium attacks, according to researchers at Inky, who first reported that Chipotle’s email vendor

The US’s Cybersecurity and Infrastructure Security Agency (CISA), Australia’s Cyber Security Centre (ACSC), and the UK’s National Cyber Security Centre (NCSC), and the US FBI recently released an advisory detailing the top 30 most exploited vulnerabilities dating back to 2017. After seven months of 2021, the agencies found that CVE-2017-11882,

Microsoft rushed to release mitigations for a new exploit that forces remote Windows systems to reveal password hashes that can easily be cracked by malicious actors. The flaw lies in the Windows NT LAN Manager, according to the company, and has been dubbed PetitPotam. Microsoft has released an advisory that

Apple released a fix for a previously undisclosed flaw that appears to have been actively exploited. The patch pertains to iPad iOS 14.7.1 and iOS 14.7.1. The company also released macOS Big Sur 11.5.1 to address the same issue, however, this one lies in a common Apple kernel extension called

According to Japanese security company Mitsui Bussan Secure Directions, Olympics-themed malware is targeting Japanese PCs across the country. The malware was discovered on July 21, just days before the opening ceremony, and is designed to wipe files from target systems. Although the malware does not delete everything, it searches for

According to experts at Kaspersky, Olympic-related phishing attacks have popped up in several different forms, including through fake pages offering streaming services, tickets to events that don’t allow spectators, and fake Olympic Games virtual currency. Kaspersky researchers stated that it’s common for cybercriminals to take advantage of popular sports events

According to researchers from Google’s Threat Analysis Group and Project Zero, attackers exploited a Safari vulnerability to target government officials in Western Europe. The vulnerability was leveraged to send malicious links to government officials via LinkedIn. Google’s research team detected and reported the vulnerability, publishing a blog post on Wednesday

Misconfigurations in Artwork Archive, a platform used to connect artists to potential buyers, allegedly led to a data leak in which the personally identifiable information (PII) of users was exposed. The WizCase team reported that they discovered a misconfigured Amazon S3 bucket belonging to the platform. The researchers stated that