New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. “WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads,” Elastic Security Labs researcher Daniel Stepanic said in a new analysis. “Each sample is […]

Continue reading


China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. “The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months […]

Continue reading


Microsoft Uncovers ‘Moonstone Sleet’ — New North Korean Hacker Group

A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. “Moonstone Sleet is observed to set up fake companies and job […]

Continue reading


Chinese, Iranian, and Russian gangs are attacking U.S. drinking water and officials are alarmed

Cyberattacks against water utilities across the country are becoming more frequent and more severe, the Environmental Protection Agency warned Monday as it issued an enforcement alert urging water systems to take immediate actions to protect the nation’s drinking water. About 70% of utilities inspected by federal officials over the last year violated standards meant to […]

Continue reading


Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines

Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances. “The impacts enabled by these flaws are manifold: from the implant of ransomware on the ultrasound machine to the […]

Continue reading


China-linked group uses malware to try to spy on commercial shipping, new report say

The cyber espionage group known as Mustang Panda introduced malware over the past five months to gain remote access to “computer systems belonging to cargo shipping companies based in Norway, Greece, and the Netherlands, including some that appeared to be aboard the cargo ships themselves,” according to the Slovakia-based cyber security firm ESET. The report […]

Continue reading