menu
Feed The Dev

Security

Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to ...
2024-11-27 17:29
local_offer
News Security
Latest Multi-Stage Attack Scenarios with Real-World Examples
Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. ...
2024-11-27 17:00
local_offer
News Security
APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrus...
2024-11-27 16:44
local_offer
News Security
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrus...
2024-11-27 16:44
local_offer
News Security
INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled
An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti, t...
2024-11-27 12:50
local_offer
News Security
Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign
A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DoD) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation s...
2024-11-27 10:51
local_offer
News Security
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The ...
2024-11-26 18:53
local_offer
News Security
Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats
When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That’s why Intruder, a leader in attack surface management, built Intel - a free vulnerability intelligence platform designed to help...
2024-11-26 17:00
local_offer
News Security
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim syste...
2024-11-26 16:04
local_offer
News Security
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.  Trend Micro, which described the hacking...
2024-11-26 15:49
local_offer
News Security
CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of ...
2024-11-26 10:33
local_offer
News Security
Google's New Restore Credentials Tool Simplifies App Login After Android Migration
Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's Credential Manager API, the feature aims to reduce the has...
2024-11-25 19:52
local_offer
News Security
PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot
The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram. The package in question is described as a synchronous an...
2024-11-25 19:24
local_offer
News Security
Flying Under the Radar - Security Evasion Techniques
Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures. The Evolution of Phishing Attacks “I really like the saying that ‘This is out ...
2024-11-25 17:00
local_offer
News Security
Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to b...
2024-11-25 16:54
local_offer
News Security
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24)
We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers and headlines—it’s about how digital risk...
2024-11-25 16:43
local_offer
News Security
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system. "This malware takes a more si...
2024-11-25 14:46
local_offer
News Security
Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites
Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077. The adversary, believed to be active since at least January 2024, has also conducted cyber att...
2024-11-23 17:40
local_offer
News Security
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, whic...
2024-11-23 17:23
local_offer
News Security
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a M...
2024-11-22 22:29
local_offer
News Security

About Feed The Dev

Feed The Dev is a simple news aggragator for developers created by Alex Seifert. It collects news from various sources and displays them in one place.

Find out more on the about page.

Add a Feed

If there is a news source that you would like to see on Feed The Dev, please see this Github repository for instructions.

Popular Tags

News Operating Systems Microsoft Windows Open Source Apple iOS macOS iPad iPhone Mac Hardware

Support Feed The Dev

If you enjoy using Feed The Dev, please consider a donation to help keep the site running and the content coming!

Feed The Dev