Avast releases a free decryptor for some Hades ransomware variants

Avast released a free decryptor for variants of the Hades ransomware tracked as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ . Avast has released a decryptor for variants of the Hades ransomware known as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ which can allow the victims of these ransomware strains to recover their files without paying the […]

Continue Reading

Telstra Telecom discloses data breach impacting former and current employees

Bad news for the Australian telecommunications industry, the largest company in the country Telstra suffered a data breach. Australia’s largest telecommunications company Telstra disclosed a data breach through a third-party supplier. The company pointed out that its systems have not been breached, the security breach impacted a third-party supplier that previously provided a now-obsolete Telstra […]

Continue Reading

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

OnionPoison: researchers reported that an infected Tor Browser installer has been distributed through a popular YouTube channel. Kaspersky researchers discovered that a trojanized version of a Windows installer for the Tor Browser has been distributed through a popular Chinese-language YouTube channel. The campaign, named OnionPoison, targeted users located in China, where the Tor Browser website […]

Continue Reading

A flaw in the Packagist PHP repository could have allowed supply chain attacks

Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply chain attacks. SonarSource Researchers disclosed details about a now-fixed vulnerability (CVE-2022-24828) in PHP software package repository Packagist,, that could have been exploited to carry out supply chain attacks. The issue was addressed within hours by […]

Continue Reading

Linux Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group

Researchers link recently discovered Linux ransomware Cheerscrypt to the China-linked cyberespionage group DEV-0401. Researchers at cybersecurity firm Sygnia attributed the recently discovered Linux ransomware Cheerscrypt to the China-linked cyber espionage group Bronze Starlight (aka DEV-0401, APT10) Bronze Starlight, has been active since mid-2021, in June researchers from Secureworks reported that the APT group is deploying […]

Continue Reading

Microsoft mitigations for recently disclosed Exchange zero-days can be easily bypassed

The mitigation shared by Microsoft for the two recently disclosed Exchange zero-day vulnerabilities can be bypassed, expert warns. Last week, Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity firm GTSC are being actively exploited in the wild. The first flaw, tracked as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) issue. […]

Continue Reading

Trojanized Comm100 Live Chat app installer distributed a JavaScript backdoor

A threat actor used a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike disclosed details of a supply chain attack that involved the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Comm100 is a provider of customer service and communication products […]

Continue Reading