Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) scam.
"While the payload itself is nothing new (yet another adult gambling scam), the delivery method stands out," c/side researcher Himanshu Anand said in a Tuesday analysis.
"The malicious landing
Les cybermenaces connaissent chaque année une montée en puissance qui amène les entreprises à faire évoluer leurs dispositifs de protection pour ne pas être impactées par des attaques hétérogènes. Dans ce contexte, un constat se pose au niveau des petites et moyennes entreprises : ces dernières apparaissent beaucoup plus vulnérables au regard de leur manque de […]
British retailer giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions. [...]
Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals [...]
Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user's password when it detects the credentials to be compromised.
"When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically," Google's Ashima Arora, Chirag Desai, and Eiji Kitamura said. "On
Infoblox Threat Intelligence a identifié un nouvel acteur de menace, baptisé Hazy Hawk, qui exploite des sous-domaines abandonnés pour mener des attaques par phishing et diffuser des malwares. Tribune. En ciblant des ressources cloud négligées, telles que des buckets Amazon S3 ou des points de terminaison Azure, Hazy Hawk détourne des enregistrements DNS orphelins […]
A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers. [...]
Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025. [...]
A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites. [...]
The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum. [...]
À l’occasion de sa conférence annuelle I/O, Google a trouvé surement l’astuce idéale pour faire de Gemini l'une des intelligences artificielles les plus performantes du moment. Avec « Personal Context », Google entend devenir un véritable assistant personnel.
SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers. [...]
A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS). [...]
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack that distributed a trojanized installer to drop the Bumblebee malware loader on users' machines. [...]
Service desks are on the front lines of defense—and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk. [...]
A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, including Amazon S3 buckets and Microsoft Azure endpoints, by leveraging misconfigurations in the Domain Name System (DNS) records.
The hijacked domains are then used to host URLs that direct users to scams and malware via traffic distribution systems (TDSes), according to
An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code.
"The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis
Connexion
