News

A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft.

Having been at ActiveState for nearly eight years, I've seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code.

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS score: 9.8), which also came under active exploitation shortly after public disclosure.

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure.

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate.

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution.

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws.

Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai.

Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country.

The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games."