image – Security Affairs
image Security Affairs
image Security Affairs
Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that’s capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere between $150 for one month to $1,200 for lifetime access. Other subscription tiers include $300 for three months,…
Identity-based attacks and abuse of compromised credentials have become the most common method cybercriminals use to hit networks with ransomware, analysis of real-world incidents has revealed. According to a new report by Sophos, 79% of ransomware attacks can be traced back to an initial intrusion which exploited compromised identities and legitimate user logins. In total,…
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into resetting account passwords. A screenshot from a video released on…
Organizations across multiple sectors have been targeted in a vishing campaign aimed at harvesting Microsoft 365 credentials, Okta warns. The campaign started in April and has involved voice calls directing the victims to fake Microsoft Entra ID login pages under the pretense that they need to register a new passkey. Tracked as O-UNC-066 and also…
Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug Pierluigi Paganini July 16, 2026 Zoom warns of a critical Windows flaw, tracked as CVE-2026-53412, that could let attackers take over accounts without authentication. Zoom has fixed a critical Windows vulnerability, tracked as CVE-2026-53412 (CVSS score of 9.8) that could allow unauthenticated attackers to hijack user accounts….
The US Cybersecurity and Infrastructure Security Agency (CISA) has detailed its response to internal CISA Amazon AWS GovCloud Keys and other information being made available in a public repository. The reaction came after KrebsOnSecurity detailed in May how a security researcher with GitGuardian had identified a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large…