Toggle light / dark theme

Get the latest international news and world events from around the world.

Log in for authorized contributors

Hackers exploit Roundcube flaw to spy on academic researchers

A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware.

The campaign has been observed since May and focuses on physics and engineering departments, administrators and professors, as well as organizations involved in astrophysics, particle physics, or national security-related research.

Researchers at cybersecurity company Proofpoint are tracking the activity under the name ‘UNK_MassTraction’ and believe to be associated with a new threat cluster.

DuckDuckGo browser now blocks YouTube video ads

DuckDuckGo announced that its browser can now block most video ads on YouTube, including those shown before the video starts playing and during playback.

The feature is enabled by default in the latest versions of DuckDuckGo for iOS, Mac, and Windows, while Android users can enable it manually by going to Settings Ad Blocking.

YouTube is the world’s largest video platform, serving billions of users worldwide. Apart from YouTube Premium subscribers, free users are shown ads that help fund operational costs and creator payouts.

Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials

Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications.

The threat actor published at least 17 malicious packages simultaneously, each tasked to exfiltrate credentials and access tokens to a command-and-control server hosted on Amazon Web Services (AWS).

All three payment platforms are popular, with Paysafe being mostly used by e-commerce sites and online marketplaces, gaming platforms, travel businesses, and financial services or software-as-a-service (SaaS) providers.

Entra passkey enrollment vishing targets Microsoft 365 users

A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey.

The attacker is taking advantage of a new capability Microsoft opened to administrators in May, allowing them to run “passkey registration campaigns” to entice users to enrol passkeys for more secure authentication.

The campaign has been running since April and involves calling targeted users and trying to convince them to register a new passkey under the attacker’s control.

/* */