hackers

  • Blog

    Bluetooth flaws could let hackers spy through your microphone

    Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information. Researchers confirmed that 29 devices from Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel are affected. The list of impacted products includes speakers, earbuds, headphones, and wireless microphones. The security problems could…

  • Blog

    Scattered Spider hackers shift focus to aviation, transportation firms

    Hackers associated with “Scattered Spider” tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors. These threat actors have employed a sector-by-sector approach, initially targeting retail companies, such as M&S and Co-op, in the United Kingdom and the United States and subsequently shifting their focus to insurance companies. While the threat actors were…

  • Blog

    Hackers are using Microsoft 365 features to bombard enterprises with phishing emails – and they’ve already hit more than 70 organizations

    Security experts have warned of a new phishing campaign which exploits Microsoft 365’s Direct Send feature to steal credentials – and they’ve already hit more than 70 organizations. Direct Send is a feature in Exchange Online that allows devices and applications to send emails within a Microsoft 365 tenant. It uses a smart host with a format like “tenantname.mail.protection.outlook.com”. Intended…

  • Blog

    Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks

    A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft’s ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. The hackers rely on legitimate AWS cloud services (AWS, Cloudfront, API Gateway, Lambda) to keep the command and control (C2) infrastructure hidden. ClickOnce is a deployment technology from Microsoft that…

  • Blog

    Hackers turn ScreenConnect into malware using Authenticode stuffing

    Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client’s Authenticode signature. ConnectWise ScreenConnect is a remote monitoring and management (RMM) software that allows IT admins and managed service providers (MSPs) to troubleshoot devices remotely. When a ScreenConnect installer is built, it can be customized to include the remote server…

  • Blog

    Ransomware victims are getting better at haggling with hackers

    Nearly half of companies paid a ransom to get their data back last year, according to new research, but they’re taking a hard line with hackers to strike fair deals. In its latest State of Ransomware report, Sophos said this was the second highest rate of ransom payments in six years. However, more than half (53%) paid less than the…

  • Blog

    APT28 hackers use Signal chats to launch new malware attacks on Ukraine

    The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. To be clear, this is not a security issue in Signal. Instead, threat actors are more commonly utilizing the messaging platform as part of their phishing attacks due to its increased usage by governments worldwide.…

  • Blog

    BitoPro exchange links Lazarus hackers to $11 million crypto heist

    The Taiwanese cryptocurrency exchange BitoPro claims the North Korean hacking group Lazarus is behind a cyberattack that led to the theft of $11,000,000 worth of cryptocurrency on May 8, 2025. The company has attributed the attack to Lazarus based on the evidence recovered from its internal investigations. It notes that the attack patterns and methodology closely resemble those used in…

  • Blog

    North Korean hackers deepfake execs in Zoom call to spread Mac malware

    The North Korean BlueNoroff hacking group is deepfaking company executives during Zoom calls to trick employees into installing custom malware on their macOS devices. BlueNoroff (aka Sapphire Sleet or TA444) is a North Korean advanced persistent threat (APT) group known for conducting cryptocurrency theft attacks using Windows and Mac malware. Huntress researchers uncovered a new BlueNoroff attack on June 11, 2025,…

  • Blog

    Pro-Israel hackers hit Iran’s Nobitex exchange, burn $90M in crypto

    The pro-Israel “Predatory Sparrow” hacking group claims to have stolen over $90 million in cryptocurrency from Nobitex, Iran’s largest crypto exchange, and burned the funds in a politically motivated cyberattack. The attack occurred on June 18, 2025, with Nobitex first reporting the breach on X at 2:24 AM EST. “This morning, June 19, our technical team detected signs of unauthorized access…
