Europol arrested five SmokeLoader customers using seized database links, exposing cybercrime’s hidden demand chain.
Category: cybercrime/malcode – Page 10
As websites incorporate more third-party tracking technologies, robust CSRF attack prevention becomes paramount. This case study illustrates how a misconfigured third-party vendor exposed CSRF tokens on a major retailer’s website, highlighting the risks of inadequate third-party security.
The Problem
A misconfiguration allowed a third-party pixel used by a major online retailer to access CSRF tokens and authentication tokens, which, as we noted, are critical security elements for preventing unauthorized actions. This exposure transmitted the tokens to remote third-party servers, creating a significant vulnerability that risked potential data breaches.
AkiraBot has spammed 80,000 websites since September 2024 using GPT-4o-Mini, evading CAPTCHA with proxy tactics.
Sensata Technologies (known as Sensata) suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations.
In an 8-K filing to the U.S. Securities and Exchange Commission (SEC), Sensata says that the attack occurred on Sunday, April 6, and involved data theft, too.
“The incident has temporarily impacted Sensata’s operations, including shipping, receiving, manufacturing production, and various other support functions,” reads the notification.
Lovable AI scored 1.8 on VibeScamming tests, enabling full scam creation with minimal guardrails, risking mass phishing abuse.
ToddyCat exploits ESET’s CVE-2024-11859 flaw with TCESB malware, bypassing security tools via DLL hijacking.
A malware campaign via SourceForge and fake AI sites deploys miner, clipper, and RAT malware, impacting 4,604 users in Russia.
UTSA researchers recently completed one of the most comprehensive studies to date on the risks of using AI models to develop software. In a new paper, they demonstrate how a specific type of error could pose a serious threat to programmers who use AI to help write code.
Joe Spracklen, a UTSA doctoral student in computer science, led the study on how large language models (LLMs) frequently generate insecure code.
His team’s paper, published on the arXiv preprint server, has also been accepted for publication at the USENIX Security Symposium 2025, a cybersecurity and privacy conference.
EncryptHub compromised 618+ targets using Microsoft flaws and custom malware after failed freelance attempts.
Fast flux has exploited DNS gaps to evade takedowns since 2007, enabling resilient malware and phishing operations.