Cybercriminals are exploiting known weaknesses in the Sunlogin software to deploy the Sliver Command-and-Control (C2) framework for post-exploitation activities. This was uncovered by the AhnLab Security Emergency Response Center (ASEC), which discovered that security flaws in the Chinese-developed remote desktop program, Sunlogin, are being taken advantage of to launch a wide range of malicious payloads.

The National Cyber Security Centre (NCSC) of the United Kingdom has issued a warning about spear-phishing attacks orchestrated by state-sponsored actors from Russia and Iran. The attacks are aimed at specific sectors, including academia, defense, government organizations, NGOs, and think tanks, as well as politicians, journalists, and activists, and are not directed toward the general

On Tuesday, GoTo (formerly LogMeIn), the parent company of LastPass, announced that an unknown party had successfully accessed encrypted backups of certain customers’ data, along with the encryption key for some of these backups, in a November 2022 incident. The company has identified that a third-party cloud storage service was targeted, which has impacted the

Two security vulnerabilities have been identified in the Samsung Galaxy Store application for Android devices that could potentially be exploited by a local attacker to install arbitrary applications or redirect potential victims to fraudulent web pages. The vulnerabilities, designated as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and reported to Samsung in November and