Threat Intelligence

A widespread campaign uses more than 24 malicious NPM packages loaded with JavaScript obfuscators to steal form data from multiple sites and apps, analysts report.

The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.

Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.

The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.

Cyber mercenaries in countries like India, Russia, and the UAE are carrying out data theft and hacking missions for a wide range of clients across regions, a couple of new reports said.

It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according Google Project Zero.

A recent analysis of breaches involving application programming interfaces (APIs) arrives at some eye-popping damage figures, but which companies are most affected, and in what ways?

Malicious IIS module exploitation is the latest trend among threat actors targeting Exchange servers, analysts say.

An unauthenticated remote code execution vulnerability found in Zoho’s compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.

Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Server Fabric to thwart the "FabricScape" cloud bug.

The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.

External attacks focused on vulnerabilities are still the most common ways that companies are successfully attacked, according to incident data.

Embrace cyber-risk modeling and ask security teams to pinpoint the risks that matter and prioritize remediation efforts.

The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.