Cybersecurity

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades 

Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting.
“The modifications seen in the TgToxic payloads reflect the actors’ ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices 

A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023.
French cybersecurity company Sekoia said it observed the unknown threat actors leveraging CVE-2023-20118 (CVSS score: 6.5), a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and

Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers 

The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company’s CEO Ben Zhou declared a “war against Lazarus.”
The agency said the Democratic People’s Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” 

A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.

Smashing Security podcast #406: History’s biggest heist just happened, and online abuse 

In episode 406 of the “Smashing Security” podcast, we explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion, and we look at what is being done to better defend women and girls’ safety online.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites 

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale.
Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,

Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles 

More than a year’s worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members.
The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an

SOC 3.0 – The Evolution of the SOC and How AI is Empowering Human Talent 

Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it’s clear this isn’t just a human problem—it’s a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there is a solution. Many refer to it as SOC 3.0—an

New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems 

Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42.
“Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized

Three Password Cracking Techniques and How to Defend Against Them 

Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques for cracking passwords and how to
