The Hacker News

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

FAUX#ELEVATE phishing deploys stealers and miners via fake resumes, targeting enterprise systems, enabling rapid credential ...

VoidStealer malware steals Chrome master key via debugger trick

An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and ...
The Hacker News

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...
Microsoft

Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started

Microsoft Defender stopped a human-operated ransomware attack that abused Group Policy Objects (GPOs) to disable defenses and ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

New Torg Grabber infostealer malware targets 728 crypto wallets

A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them ...
WinBuzzer

DarkSword iOS Exploit Leaks on GitHub, Threatens Millions

A government-grade iOS exploit kit called DarkSword has been leaked on GitHub, putting hundreds of millions of iPhones ...