Recently, over 100 websites belonging to car dealerships were found to serve malicious "ClickFix" code due to a supply chain attack that affected a third-party domain. According to security researcher Randy McEoin, the threat actor infected LES Automotive, a privately held streaming service provider based in Tolland, CT, that primarily focuses on the automotive industry. All websites using LES Automotive's services shared a ClickFix webpage with their visitors. [1]
New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after stealing almost 1,000 concert tickets and reselling them online. The prosecutors explain that most stolen tickets were for Taylor Swift's Eras Tour. However, the criminals also targeted other high-value and high-profile events, including Ed Sheeran concerts, Adele concerts, NBA games, and the US Open Tennis Championships. [1]
The two defendants, 20-year-old Tyrone Ros
US President Donald Trump has offered a hint about the possible future ownership of TikTok’s American business, whilst speaking aboard Air Force One. Trump on 9 March was quoted by Reuters as saying that his administration was in touch with four different groups about the sale of Chinese-owned TikTok, and that all options were good. It comes after US President Joe Biden in April 2024 had signed a bill that gave Chinese owner ByteDance up to a year to divest TikTok or face a nationwide ban acro
The US FBI is warning that a threat moving across America “from state to state” targets citizens via malicious SMS (smishing) texts, telling iPhone and Android users to “delete any smishing texts received.” Now cybercriminals have registered “over 10,000 domains” to fuel a new wave of attacks. These new texts are easy to detect; delete them right away.
The new report comes via Palo Alto Networks’ Unit 42. The new campaign, it says, “entices users to reveal personal and/or financial information,
When was the last time you held a Skype call? After more than 21 years, Skype will soon be no more. Recently, some users visited the latest Skype preview update and noticed as-yet-unsurfaced text that read, "Starting in May, Skype will no longer be available. Continue your calls and chats in Teams." Microsoft has confirmed that it is true. May 5, 2025, will end Skype's long run.
Along with verifying that the end is coming, Microsoft shared details about how it plans to migrate Skype users. Start
Most (87%) security professionals have reported that their organization has encountered an AI-driven cyber-attack in the last year, with the technology increasingly taking hold, according to a new report by SoSafe. The new SoSafe 2025 Cybercrime Trends report also noted that 91% of all security experts anticipate a significant surge in AI-driven threats over the next three years. The World Economic Forum’s Global Cybersecurity Outlook 2025 cited a 223% increase in the trade of deepfake-relate
OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks. "We banned accounts demonstrating activity potentially associated with publicly reported Democratic People's Republic of Korea (DPRK) affiliated threat actors," the company said in its February 2025 threat intelligence report. "Some of these accounts engaged in activity involving TTPs consistent with a threat group known as VELVET CHOLLI
It has been a confusing few days in US cyber security. At the end of February of this year, it was reported that Defense Secretary Pete Hegseth had ordered US Cyber Command to pause its offensive operations against Russia. The news was swiftly followed by reports that the US Cybersecurity and Infrastructure Security Agency (CISA) staff had been instructed to turn a blind eye to hacks directed against the United States that might be linked to Russia. The Trump administration had reportedly ordere
In January 2025, our friends at FortiGuard Labs observed an attack that used Winos4.0, an advanced malware framework actively used in recent threat campaigns, to target companies in Taiwan. Figure 1 shows an example of the attack chain. Usually, there is a loader that is only used to load the malicious DLL file, and the Winos4.0 module is extracted from the shellcode downloaded from its C2 server.
Link to full report: IR-25-063-002_Winos.pdf
Havoc is a powerful command-and-control (C2) framework. Like other well-known C2 frameworks, such as Cobalt Strike, Sliver, and Winos4.0, Havoc has been used in threat campaigns to gain complete control over the target. Additionally, it is open-source and available on GitHub, making it easier for threat actors to modify it to evade detection.
FortiGuard Labs recently discovered a phishing campaign that combines ClickFix and multi-stage malware to deploy a modified Havoc Demon Agent. The threat a
Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service. Guidepoint Security first reported the phony ransom notes today, and BleepingComputer later received a scan of the note from a CEO who received the same letter. The envelopes for these ransom notes claim to be from the "BIANLIAN Group" and have a return address in an office building in Boston, Massachusetts.
The letter shared with BleepingCompu
Cybersecurity is on the brink of major shifts. As new technologies emerge and threats evolve, staying sharp and adaptable is non-negotiable, especially when it comes to preparing your people for what’s next. This year, cyber resilience will take center stage, with the human element playing a defining role in the fight against cyber threats.
With human error contributing to the majority of incidents and the global average cost of cyberattacks reaching a record-high $4.88 million in 2024, the hi
Upstream Security’s 2025 Automotive & Smart Mobility Cybersecurity Report revealed a sharp increase in cyber threats within the automotive industry in 2024. Despite regulatory scrutiny, cybercriminals are evolving faster than the industry can respond, increasing the gap between regulatory measures and the skills of hackers.
In 2024, cybersecurity incidents surged to 409, which is up from 295 in 2023. The report highlighted that the rising number of ransomware cyberattacks is one of the most si
"There it goes," says Aditya K Sood as the remote dashboard for a solar power plant in India appears on his screen. The US-based hacker is on a mission to educate on cybersecurity. Speaking on a video call with media, he shows how easy it has been for him to log into a plant in southern India's Tamil Nadu region. "You know, people deploy their devices and forget to actually change [default] passwords. Or they have configured very weak passwords," Sood says as he's pointing to the system open
Even industry leaders can be the target of cyber-attacks. New York-based venture capital firm Insight Partners has confirmed a cyber-attack hit it in January 2025. In a public statement published on 18 February, the investment company said an unauthorized third party accessed some parts of its information systems through a “sophisticated social engineering attack.” The intrusion was detected on 16 January 2025. “As soon as this incident was detected, we moved quickly to contain, remediate, and s
Cyber security risks, including ransomware, data breaches, and IT disruptions, remained the top business concern worldwide over the past year. A recent report published by the International Underwriting Association (IUA) underscores the need for cyber business interruption (BI) risks to receive the same attention as information technology security controls and ransomware threats.
The new IUA guide also aims to help insurers navigate money-handling requirements in the European Union. Across the c
Ports Australia has called for action to further bulletproof Australia’s supply chain against cyber threats, including the establishment of a consultative forum. Ports Australia CEO Mike Gallacher said that addressing cyber threats and improving response efficiency are crucial for Australia's economic stability and security. "Cyber security at our ports remains a critical issue for Australian trade, and we need a collaborative approach to address growing threats," said Gallacher. “Historicall
An Android malware app called SpyLend has been downloaded over 100,000 times from Google Play, where it masqueraded as a financial tool but became a predatory loan app for those in India. The app falls under a group of malicious Android applications called "SpyLoan," which pretend to be legitimate financial tools or loan services but instead steal data from devices for use in predatory lending. These apps lure users with promises of quick and easy loans, often requiring little documentation an
Microsoft Threat Intelligence researchers identified North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic. They are tricking targets into running PowerShell as an administrator and executing code provided by the attacker. The Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researchers in 2013. The group works under the control of the Reconnaissance General Burea
An ongoing PayPal email scam exploits the platform's address settings to send fake purchase notifications, tricking users into granting remote access to scammers. For the past month, BleepingComputer and others have received emails from PayPal stating, "You added a new address. This is just a quick confirmation that you added an address in your PayPal account." The email includes the new address that was allegedly added to your PayPal account, including a message claiming to be a purchase con