TidBITS

Shutting Down SlackBITS After Impersonation-Based Malware Attack

A convincing impersonation of TidBITS contributor Glenn Fleishman on our public Slack group fooled an experienced IT professional into installing the OSX.Odyssey infostealer. Because Slack is designed ...

New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal ...
Dark Reading

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses

Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not ...
The Financial ExpressOpinion

From assistants to adversaries

The answer lies in the movement from the artisanal to the industrial. A human attacker, no matter how gifted, is a ...

Unpatched Microsoft Defender flaw lets hackers gain admin access

A security researcher has published a working exploit for a Microsoft Defender security flaw that affects Windows 10, 11, and ...
Crypto Briefing

Polkadot bridge exploited, attacker seizes admin control to mint and dump 1B DOT tokens

Polkadot bridge exploit sees 1B DOT minted and sold for $237K, highlighting vulnerabilities in cross-chain bridge security.
BeInCrypto

Bridged Polkadot Reportedly Hit by Exploit as Attacker Mints 1 Billion DOT Tokens

Attacker reportedly exploits a Hyperbridge gateway vulnerability to mint 1B bridged DOT on Ethereum, then dumps it for 108.2 ...

Hackers are abusing unpatched Windows security flaws to hack into organizations

A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit ...

60,000 WordPress sites at risk due to plugin security flaw

Hackers can now take over WordPress sites instantly using a simple plugin flaw ...

Signed software abused to deploy antivirus-killing scripts

A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on ...
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...