A sprawling phishing-as-a-service (PhaaS) campaign that has been running since at least last summer is using more than 20,000 fake domains to target a wide range of organizations in more than 100 countries, illustrating the capabilities of an increasingly popular tool among threat actors. The unknown hackers are using a platform called “Darcula” (sic) that..

The post ‘Darcula’ PhaaS Campaign Sinks Fangs into Victims appeared first on Security Boulevard.

Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup.

The post PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found appeared first on Security Boulevard.

Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support.

The post Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones appeared first on Security Boulevard.

Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, Netflix, and Cohere – giving hackers entrée to huge amounts of data and compute power. The campaign has been ongoing for at least..

The post Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework appeared first on Security Boulevard.

Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit.

The post Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data appeared first on Security Boulevard.

Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts to contributing malicious code with..

The post Complex Supply Chain Attack Targets GitHub Developers appeared first on Security Boulevard.

Scary SMS shenanigans: Avoid Telegram’s new “Peer-To-Peer Login” program if you value your privacy or your cellular service.

The post Telegram Privacy Nightmare: Don’t Opt In to P2PL appeared first on Security Boulevard.

UNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic.

The post China Steals Defense Secrets ‘on Industrial Scale’ appeared first on Security Boulevard.

With the IRS deadline only weeks away, businesses and individuals are racing to get their taxes filed, and bad actors are doing what they can to keep pace with them. Both Microsoft and Malwarebytes in recent days have outlined various scams being used to steal sensitive information, drop malicious payloads, or make payments to fake..

The post Tax Scams Ramping Up as the April 15 Deadline Approaches appeared first on Security Boulevard.

GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads.

The post Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys appeared first on Security Boulevard.