Cybersecurity

Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties 

Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties 

A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity.
Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to

HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects 

HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects 

Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, “Were all functionalities of the web app tested?” or ” Were there any security issues that could have been identified during testing?” often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers 

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers 

Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT.
The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week.
The infection chain commences with a phishing

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits 

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits 

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.
The AnyDesk requests claim to be for conducting an audit to assess the “level of security,” CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers 

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers 

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.
“Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration with KU Leuven professor

DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection 

DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection 

The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks.
The artifacts in question, named Tanzeem (meaning “organization” in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January] 

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January] 

As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can’t be fought with

Product Walkthrough: How Satori Secures Sensitive Data From Production to AI 

Product Walkthrough: How Satori Secures Sensitive Data From Production to AI 

Every week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP 

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP 

Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems.
The list of identified packages is below –

@async-mutex/mutex, a typosquat of async-mute (npm)
dexscreener, which masquerades as a library for accessing liquidity pool

TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025 

TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025 

Popular video-sharing social network TikTok has officially gone dark in the United States, 2025, as a federal ban on the app comes into effect on January 19, 2025.
“We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable,” the company said in a pop-up message. “We’re working to restore our service in the U.S. as soon as

CALL US TODAY TO SPEAK TO A SECURITY EXPERT: 720.221.6804

X