Cybersecurity

Five New Exploited Bugs Land in CISA’s Catalog — Oracle and Microsoft Among Targets 

Five New Exploited Bugs Land in CISA’s Catalog — Oracle and Microsoft Among Targets 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks.
The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More 

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More 

It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect.
Here’s a quick look at this week’s top threats, new tactics, and security stories shaping

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches 

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches 

ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. 
ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error on a webpage. 
The name is a little misleading, though

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign 

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign 

Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale.
The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users.

MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems 

MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems 

China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a “premeditated” cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a “hacker empire” and the “greatest source of chaos in cyberspace.”
The Ministry of State Security (MSS), in a WeChat post, said it uncovered “irrefutable evidence” of the agency’s involvement in the intrusion

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide 

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide 

Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud.
The coordinated law enforcement effort, dubbed Operation SIMCARTEL, saw 26 searches carried out, resulting in the arrest of seven suspects and the seizure of

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs 

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs 

Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor.
According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company’s analysis is based on the ZIP

Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT 

Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT 

The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins).
“The campaign relied on phishing emails with PDFs that contained embedded malicious links,” Pei Han Liao, researcher with Fortinet’s FortiGuard

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware 

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware 

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset.
That’s according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming

NEW CUSTOMERS CALL TODAY: 720.221.6804  |  EXISTING CUSTOMERS REQUIRING SUPPORT: 303.617.6442

X