Hackers – Securitydive

APT Hackers Targets Indian Govt Infrastructure Using GOGITTER Tool & GITSHELLPAD Malware

Advanced persistent threat actors operating from Pakistan have launched coordinated attacks against Indian government organizations using newly discovered tools and malware designed to bypass security defenses. The attack chain begins with emails that are phishing base containing deceptive PDF documents that impersonate legitimate government communications. These PDFs display blurred images of official documents and use…

Grubhub confirms data breach: hackers demand ransom tied to Salesforce attacks

admin1 week ago1 week ago03 mins

Grubhub confirms it’s been hacked after unauthorized actors gain access to internal systems. The attackers reportedly gained access through credentials stolen during the Salesloft breach last August. Salesloft, a sales engagement platform, suffered a compromise that exposed OAuth tokens for multiple integrated services. Those tokens provided persistent access that attackers exploited months later. Grubhub confirmed…

Chinese-Linked Cyberespionage Target U.S. Government; Mustang Panda

admin2 weeks ago2 weeks ago02 mins

The Chinese-linked cyberespionage group ‘Mustang Panda’ targeted U.S. government and policy-related officials with phishing emails themed around Venezuela. The campaign, uncovered by Acronis, exploited geopolitical events to infect systems and steal data. The U.S. Department of Justice recognizes Mustang Panda as a hacker group backed by China. Chinese-linked cyberespionage group, identified as ‘Mustang Panda,’…

Cisco says China-linked hackers exploiting insecure setting in security products

admin1 month ago02 mins

China-linked hackers have been using misconfigured Cisco security products to deploy backdoors on target networks for at least the past several weeks. The hacker group, which Cisco tracks as UAT-9686, has been taking advantage of an insecure setting in Cisco’s AsyncOS software, which powers the company’s email and web security devices and virtual platforms, Cisco…

700Credit Data Breach Impacts 5.8 Million Individuals

admin1 month ago1 month ago03 mins

Credit report and identity verification services provider 700Credit has disclosed a data breach impacting more than 5.8 million individuals. 700Credit is the largest provider of credit checks, identity verification, fraud detection, and compliance services for automotive, marine, powersports, and RV dealers in North America. It serves roughly 18,000 dealerships. The incident, the company says, was…

Akira’s SonicWall Hacks Are Taking Down Large Enterprises

admin2 months ago2 months ago05 mins

A ransomware operation has discovered it can target large corporations by going after network security devices pitched to smaller enterprises. The market for SonicWall SSL VPN devices tends to be small- and medium-sized firms – but when those businesses are bought by larger businesses, the devices suddenly are part of a network worth real money…

FCC says hackers hijack US radio gear to send for False Alerts

admin2 months ago03 mins

Hackers are hijacking U.S. radio transmission equipment to broadcast bogus emergency messages and obscene language, the Federal Communications Commission said on Wednesday. In a public notice, opens new tab, the FCC said a “recent string of cyber intrusions against various radio broadcasters” had occurred, resulting in the issuance of the U.S. Emergency Alert System’s “Attention Signal.”…

CrowdStrike Fires Insider for Sharing Internal System Details with Hackers

admin2 months ago03 mins

Cybersecurity giant CrowdStrike has confirmed the termination of an insider who allegedly provided sensitive internal system details to a notorious hacking collective. The incident, which came to light last week, involved the leak of internal screenshots on a public Telegram channel operated by the threat group known as “Scattered Lapsus$ Hunters.” The leaks surfaced when…

Hackers Using New Matrix Push C2 to Deliver Malware & Phishing Attacks via Web Browser

admin2 months ago06 mins

Hackers are turning everyday web browsers into remote-control tools using a new command-and-control (C2) platform called Matrix Push C2, according to BlackFog research. The browser‑native, fileless framework abuses legitimate web push notification features to deliver malware, phishing pages, and data theft campaigns across Windows, macOS, Linux, and mobile platforms. Instead of dropping traditional malware binaries…

Microsoft Entra flaw let hackers access any account, patch now

admin3 months ago3 months ago03 mins

A critical vulnerability in Microsoft Entra could have let hackers access any user account. The flaw affected key authentication processes, allowing normal security checks to be bypassed. Microsoft released a patch quickly, but accounts that are not updated remain exposed. Experts urge immediate action to protect sensitive information. Applying the latest updates promptly ensures personal…