On Thursday, researchers with the Symantec security firm reported on a collaboration that worked the other way—use by the RA World ransomware group of a “distinct toolset” that previously has been seen used only in espionage operations by a China-linked threat group. The toolset, first spotted in July, was a variant of PlugX, a custom … Read more
Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers. Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected … Read more
The personal information of almost half a million people is now in the hands of hackers after a security breach of a company used by some of the world’s best known hotel brands. Hotel management software provider Otelier boasts that more than 10,000 hotels – including brands like Marriott, Hilton, and Hyatt – use its … Read more
It’s hard to find a good criminal these days. I mean a really trustworthy one you can be confident won’t lead you up the garden path with false promises of data breaches. Like this guy yesterday: For my international friends, JB Hi-Fi is a massive electronics retailer down under and they have my data! I … Read more
Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further … Read more
