Panda Restaurants discloses data breach after corporate systems hack
Cyber Safe
by Priyanka R
20h ago
Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after threat actors compromised its corporate systems in March and stole the personal information of an undisclosed number of associates. Panda Express is the largest Chinese fast food chain in the United States, with over $3 billion in sales and 47,000 associates working in 2,300 branches. The company discovered a data security breach on March 10, 2024, which affected some of its corporate systems but left in-store systems, operations, and guest experience unaffected. According to ...
Cuttlefish malware targets enterprise-grade SOHO routers
Cyber Safe
by Priyanka R
20h ago
A new malware family, named Cuttlefish, was discovered which targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data from internet traffic. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources. Cuttlefish has a modular structure which was designed to primarily steal authentication data from web requests passing through the router from the local area network (LAN). The malicious code can also perform DNS and HTTP hijacking within private IP sp...
WordPress Automatic plugin triggers millions of SQL injection attacks
Cyber Safe
by Priyanka R
1w ago
Hackers are targeting a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. The plugin, which has been installed on more than 30,000 websites, lets administrators automate content importing (e.g. text, images, video) from various online sources and publishing on their WordPress site. The exploited vulnerability is tracked as CVE-2024-27956 and has a severity score of 9.9/10. The researchers at PatchStack vulnerability mitigation service have publicly disclosed the vulnerabili...
US takes down illegal Cryptocurrency Mixing Service Samourai Wallet
Cyber Safe
by Priyanka R
1w ago
The US government has taken down Samourai Wallet, a cryptocurrency mixing service that executed over $2 billion in unlawful transactions and laundered over $100m in criminal proceeds. According to a press release by the US Department of Justice (DoJ), Samourai’s web servers and domain were seized following a law enforcement operation in collaboration with Iceland’s authorities. Additionally, the illegal cryptocurrency service’s Android app has been removed from the Google Play Store in the US. The DoJ also revealed that Samourai’s two co-founders, CEO Keonne Rodriguez and CTO William Lonergan H...
Russia’s APT28 hackers exploit Windows Print Spooler flaw
Cyber Safe
by Priyanka R
1w ago
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. APT28 has been using this tool to exploit the CVE-2022-38028 vulnerability since at least June 2020 and possibly as early as April 2019. Redmond fixed the vulnerability reported by the U.S. National Security Agency during the Microsoft October 2022 Patch Tuesday but has yet to tag it as actively exploited in its advisory. The military hackers, part of Military Unit 26165 of Russia’s Main ...
UK Police take down phishing-as-a-service site LabHost
Cyber Safe
by Priyanka R
2w ago
UK police claim to have successfully infiltrated and disrupted a phishing-as-a-service (PhaaS) operation that made cybercriminals over £1m ($1.3m) from tens of thousands of victims. One of the world’s largest PhaaS platforms, LabHost offered all the tools fraudsters needed to launch sophisticated phishing and smishing (SMS phishing) campaigns. LabHost, launched in 2021, was responsible for hosting as many as 40,000 phishing sites by 2024, with 2000 criminal users said to be paying a monthly subscription fee for its services, according to London’s Metropolitan Police, which led the law enforceme...
Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks
Cyber Safe
by Priyanka R
2w ago
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. OpenMetadata is an open-source metadata management platform that helps data engineers and scientists to catalog and discover data assets within their organization, including databases, tables, files, and services. The security vulnerabilities exploited in these attacks (CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, and CVE-2024-28254) were patched one month ago in OpenMetadata versions 1.2.4 and ...
Chipmaker Nexperia confirms breach after ransomware gang leaks data
Cyber Safe
by Priyanka R
2w ago
Dutch chipmaker Nexperia confirmed that hackers breached its network in March 2024 after a ransomware gang leaked samples of the allegedly stolen data. Nexperia is a subsidiary of Chinese company Wingtech Technology that operates semiconductor fabrication plants in Germany and the UK, producing 100 billion units, including transistors, diodes, MOSFETs, and logic devices. The company disclosed that a data breach has forced it to shut down IT systems and launch an investigation to determine the scope of impact. They promptly took action and disconnected the affected systems from the internet to ...
Android spyware campaign targets users in India and Pakistan
Cyber Safe
by Priyanka R
3w ago
An active Android malware campaign dubbed eXotic Visit was found targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and the Google Play Store. According to the Slovak cybersecurity firm, the activity, which has been ongoing since November 2021, is not linked to any known threat group. It’s tracking the group behind the operation under the name Virtual Invaders. ESET security researcher Lukáš Štefanko stated that the downloaded apps provide legitimate functionality, but also include code from the open-source Android XploitSPY RAT ...
Critical RCE bug in 92,000 D-Link NAS devices exploited in attacks
Cyber Safe
by Priyanka R
3w ago
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw. The security vulnerability (CVE-2024-3273) is the result of a backdoor facilitated through a hardcoded account (username “messagebus” with an empty password) and a command injection issue via the “system” parameter. Threat actors are now exploiting these two security flaws to deploy a variant of the Mirai malware (skid.x86). Mirai variants are usually designed to add infected devices to a botnet tha...