Subscribe to our weekly newsletter for the latest in industry news, expert insights, dedicated information security content and online events.
The scheme was uncovered by Kaspersky and has been operational since November 2023
CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files
This drop represents a direct threat to US national cybersecurity infrastructure, said CyberSN representatives in their report
Zscaler also confirmed MadMxShell uses DLL sideloading and DNS tunneling for C2 communication
The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server
OpenSSF, in collaboration with the US Government, has developed Protobom, a open source tool designed to simplify SBOM management for organizations