Cybersecurity researchers have discovered a cybercrime campaign that’s using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef. “The objective is to lure victims into downloading and installing a trojanized PDF editor, which includes an information-stealing malware dubbed TamperedChef,” Truesec researchers Mattias Wåhlén,Read More »TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program calledRead More »Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named “ahbanC.shiba” that functioned similarly to two other extensions –Read More »Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names

As cyberattacks become more sophisticated and frequent, CISOs express concern about their organization’s defensive abilities. 

The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors. “While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE)Read More »Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide

Approximately 1.1 million customers have been impacted by the Farmers Insurance data breach. 

Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions. Scary,Read More »Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec