Hackers exploit Roundcube flaw to spy on academic researchers
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
The hackers are likely trying to collect data to feed the development of zero-day exploits, said Google researchers
Hardcoded passwords and path traversals keeping bug hunters in work Security researchers have issued a warning about a pre-authentication exploit chain affecting a CMS used by some of the biggest companies in the world.…
Persistent Attack Grants Remote SSH Access via ExploitSomeone - possibly nation-state hackers - appears to be constructing a botnet from thousands of Asus routers in hacking that survives a firmware patch and reboots. Nearly 9,000 routers have been compromised and the number is growing, say researchers.
Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network
Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa
Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism
An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor that researchers named Balad Injector. [...]
A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. [...]