A sinister campaign known as ShadowCaptcha is using over 100 compromised WordPress sites as unwitting hosts, redirecting visitors to fake CAPTCHA pages. These deceptive pages trigger malware delivery ranging from credential stealers to ransomware and cryptocurrency miners.
Researchers from Israel’s National Digital Agency revealed that ShadowCaptcha merges social engineering with living-off-the-land tactics. Attackers aim to steal credentials, exfiltrate browser information, deploy cryptomining software, or trigger ransomware—depending on the route the victim takes. [Read more…]
Cyberattacks on U.S. federal courts are no longer just IT problems. They now pose a national security threat.
A new cybersecurity threat is emerging as attackers use DNS records—the very system that directs internet traffic—to hide malware. Instead of relying on email attachments or suspicious downloads,
A surveillance app marketed as a stealthy tool for parents has exposed sensitive data from over 62,000 users, raising fresh concerns about the real audience for apps like it.
Security researchers have identified two major exploits in the Secure Boot system, both capable of sidestepping one of the most important protections on modern PCs. Microsoft has issued a patch for one of them. The other remains untouched, even as it offers attackers a nearly universal method to bypass security during the startup process.