Cybersecurity

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container.
The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3.
“A malicious container running on Docker Desktop could access the

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads 

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads 

Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware loader called UpCrypter.
The campaign leverages “carefully crafted emails to deliver malicious URLs linked to convincing phishing pages,” Fortinet FortiGuard Labs researcher Cara Lin said. “These pages are designed to entice recipients into downloading JavaScript

⚡ Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More 

⚡ Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More 

Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn’t just a matter of firewalls and patches—it’s about strategy. The strongest organizations aren’t the ones with the most tools, but the ones that see how cyber risks connect to business

Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations 

Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations 

Security Information and Event Management (SIEM) systems act as the primary tools for detecting suspicious activity in enterprise networks, helping organizations identify and respond to potential attacks in real time. However, the new Picus Blue Report 2025, based on over 160 million real-world attack simulations, revealed that organizations are only detecting 1 out of 7 simulated attacks,

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing 

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing 

The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solutions) Linux systems with malicious Desktop shortcut files in attacks targeting Indian Government entities.
“Initial access is achieved through spear-phishing emails,” CYFIRMA said. “Linux BOSS environments are targeted via weaponized .desktop

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot 

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot 

Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator.
“On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor,” Socket researcher Kirill Boychenko

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets 

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets 

Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining infrastructure.
The first set of attacks entails the exploitation of CVE-2024-36401 (CVSS score: 9.8), a critical

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection 

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection 

Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell.
The “Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file,” Trellix researcher Sagar Bade said in a technical write-up.
“The payload isn’t hidden inside the file content or a macro, it’s encoded directly

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage 

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage 

Cybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that involves abusing trusted relationships in the cloud to breach enterprise networks.
“The adversary has also shown considerable ability to quickly weaponize N-day and zero-day vulnerabilities and frequently achieves initial access to their targets by

NEW CUSTOMERS CALL TODAY: 720.221.6804  |  EXISTING CUSTOMERS REQUIRING SUPPORT: 303.617.6442

X