The Hacker News

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Researchers found a LinkedIn phishing campaign delivering a remote access trojan via DLL sideloading, WinRAR SFX files, and ...

Hackers are now exploiting the safety of open-source apps to sideload malware, and on LinkedIn of all places

The good news is that not clicking on unknown links avoids it entirely.
Hackaday

Astronomy Live On Twitch

Although there are a few hobbies that have low-cost entry points, amateur astronomy is not generally among them. A tabletop Dobsonian might cost a few hundred dollars, and that is just the entry ...

He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive

A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes—and ...
Decrypt

North Korea–Linked Hackers Use Deepfake Video Calls to Target Crypto Workers

Hackers are using AI-generated video calls to impersonate trusted contacts and trick crypto workers into installing malware.
Cybernews

LinkedIn DM phishing campaign targets high-value execs with weaponized file downloads

A phishing campaign targeting carefully selected “high-value” corporate employees has been using LinkedIn direct messages to deliver weaponized downloads, highlighting how criminals are shifting away ...
Cybernews

Pentest tools left online are allowing hackers to exploit Fortune 500 firms

Hackers are exploiting intentionally vulnerable penetration testing and security training apps that have been mistakenly exposed to the public internet, giving them access to cloud environments ...

Hacking the grid: How digital sabotage turns infrastructure into a weapon

The US used a cyberattack to turn off power in Caracas during the raid to seize Maduro. The US grid is also vulnerable to ...
Dark Reading

DPRK Actors Deploy VS Code Tunnels for Remote Hacking

A spear-phishing campaign tied to the Democratic People's Republic of Korea (DPRK) uses trusted Microsoft infrastructure to ...

Chainalysis bets on automation to scale onchain investigations beyond developers

Chainalysis has launched Workflows, a no-code feature that lets non-technical users automate advanced onchain investigations ...

Hackers exploit security testing apps to breach Fortune 500 firms

Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such ...