For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
SecurityBrief Asia

China-linked TA4922 expands attacks to Europe & Africa

Businesses in Europe and Africa now face localised phishing and malware attacks from a suspected China-aligned group that has ...
Bitdefender

FamousSparrow APT Targets Azerbaijani Oil and Gas Industry

I'd like to thank my co-author, Martin Zugec, for his valuable contributions to this report. This intrusion adds three dimensions to the public understanding of Chinese APT activity in contested ...
GitHub

A small and insanely fast ARCFOUR (RC4) cipher implementation of Python.

Strongly focused on performance; entire source code is written in C. Thread-safety; you can improve further performance with multi-threading. Easily installable; single file with no dependency, ...
Computerworld

For March, Patch Tuesday delivers fixes for 83 vulnerabilities

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log File System hardening with signature verification. The team at Readiness each ...
Dark Reading

'CrashFix' Scam Crashes Browsers, Delivers Malware

A threat actor with a sophisticated variant of the ClickFix attack is tricking users into installing malware on their systems. Unlike typical ClickFix scams that use fake security alerts or CAPTCHAs ...
The Hacker News

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web ...
Hosted on MSN

Microsoft is cutting off a legacy cipher that caused decades of damage

RC4’s long, messy reign over Windows authentication At the center of this shift is RC4, short for Rivest Cipher 4, a stream cipher that once powered much of the internet’s “secure” traffic and is now ...
Bleeping Computer

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...