Aggregator

You must login to view this content

A North Korea-aligned threat group known as ScarCruft has been caught running a supply chain attack against a video gaming platform serving ethnic Koreans in China’s Yanbian region. The attackers planted backdoors in both Windows and Android versions of the platform’s games, turning a trusted service into a covert espionage tool. The campaign has likely […]

The post New ScarCruft Supply Chain Attack Hits Gaming Platform With Windows and Android Backdoors appeared first on Cyber Security News.

A China-aligned threat group tracked as SHADOW-EARTH-053 has been exploiting unpatched Microsoft Exchange Server vulnerabilities to conduct cyberespionage against government and defense-linked targets across Asia and beyond. The group’s activity dates back to at least December 2024, with campaigns targeting at least eight countries, including government ministries, defense contractors, IT consulting firms, and transportation organizations […]

The post China-Aligned SHADOW-EARTH-053 Exploits Exchange Servers to Deploy ShadowPad Malware appeared first on Cyber Security News.

You must login to view this content

Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login. CVE-2026-42248 and CVE-2026-42249 Ollama is an open-source tool for running large language models locally. It’s is used by those who don’t want their data to leave their machine and don’t want to be constrained by API costs, usage limits, or the requirement of … More →

The post Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say appeared first on Help Net Security.

LastPass has launched Mobile Smart Scanner, a solution that converts photographs of typed or handwritten credentials into structured, ready-to-use password entries that can be reviewed, saved, and autofilled directly from the vault. Available in early access for Free, Premium, and Family plan customers, the feature extracts the site URL, username, and password from a single scan taken with the LastPass mobile app. No manual typing, no third-party upload. Scanning occurs on-device consistent with the LastPass … More →

The post LastPass Mobile Smart Scanner improves password security appeared first on Help Net Security.

A Chinese-linked threat group known as Silver Fox has been running a calculated phishing campaign, tricking employees at organizations across multiple countries into opening what appear to be official tax authority notices. The emails, disguised as legitimate government communications, led victims to download a chain of malware that ultimately installed both the known ValleyRAT backdoor […]

The post Silver Fox Uses Fake Tax Notices to Deploy ValleyRAT and New ABCDoor Backdoor appeared first on Cyber Security News.

You must login to view this content

Cambridge, MA, May 5th, 2026, CyberNewswire New right-sized offering brings advanced encryption, easy API integration, and HITRUST-certified compliance to the most underserved segment in healthcare email — with pricing starting at $99/month LuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare […]

The post LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations appeared first on Cyber Security News.