Posts

Oregon Man Charged in ‘Rapper Bot’ DDoS Service
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Speed cameras knocked out after cyber attack
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
The AI Fix #64: AI can be vaccinated against evil, and the “Rumble in the Silicon Jungle”
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
Why Your Security Culture is Critical to Mitigating Cyber Risk
U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More
Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Wazuh for Regulatory Compliance
ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure
Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware
Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme
Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools
Zero Trust + AI: Privacy in the Age of Agentic AI
U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions
Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution
New HTTP/2 'MadeYouReset' Vulnerability Enables Large-Scale DoS Attacks
Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS
New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits
Have You Turned Off Your Virtual Oven?
Simple Steps for Attack Surface Reduction
Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses
CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
Smashing Security podcast #430: Poisoned Calendar invites, ChatGPT, and Bromide
New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks
The MedusaLocker ransomware gang is hiring penetration testers
Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws
AI SOC 101: Key Capabilities Security Leaders Need to Know
Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code
Webinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive
Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics
Microsoft Patch Tuesday, August 2025 Edition
Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks
Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
US reveals it seized $1 million worth of Bitcoin from Russian BlackSuit ransomware gang
The AI Fix #63: GPT-5 is the best AI ever, and Jim Acosta interviews a murdered teenager’s avatar
New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks
The Ultimate Battle: Enterprise Browsers vs. Secure Browser Extensions
Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors
New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls
⚡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More
6 Lessons Learned: Focusing Security Where Business Value Lives
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation
Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models
Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks
Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems
CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials
KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series
AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
Leaked Credentials Up 160%: What Attackers Are Doing With Them
TeaOnHer copies everything from Tea – including the data breaches
GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to Exploits
Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense
Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups
Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need
Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
Ransomware plunges insurance company into bankruptcy
Ukraine claims to have hacked secrets from Russia’s newest nuclear submarine
Who Got Arrested in the Raid on the XSS Crime Forum?
Hospital fined after patient data found in street food wrappers
Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools
AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Reveals
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures
CISA Adds 3 D-Link Router Flaws to KEV Catalog After Active Exploitation Reports
AI Is Transforming Cybersecurity Adversarial Testing - Pentera Founder’s Vision
ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections
The AI Fix #62: AI robots can now pass CAPTCHAs, and punch you in the face
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
Man-in-the-Middle Attack Prevention Guide
⚡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More
The Wild West of Shadow IT
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices
Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection
Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs
UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Smashing Security podcast #428: Red flags, leaked chats, and a final farewell
Scammers Unleash Flood of Slick Online Gaming Sites
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps
FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant
Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits
Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome
Product Walkthrough: A Look Inside Pillar's AI Security Platform
Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools
Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44
200,000 WordPress websites at risk of being hijacked due to vulnerable Post SMTP plugin
The AI Fix #61: Replit panics, deletes $1M project; AI gets gold at Math Olympiad
Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims
Why React Didn't Kill XSS: The New JavaScript Injection Playbook
Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks
How the Browser Became the Main Cyber Battleground
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
Tea Dating Advice app spills sensitive data
Allianz Life hit by hackers, customer and staff personal data stolen
French submarine secrets surface after cyber attack
⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More
Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files
U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Overcoming Risks from Chinese GenAI Tool Usage
Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments
Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems
Phishers Target Aviation Execs to Scam Customers
CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing
Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices
China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community
Pentests once a year? Nope. It’s time to build an offensive SOC
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them
Free decryptor for victims of Phobos ransomware released
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access
Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong
Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware
UK to ban public sector from paying ransomware demands
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials
Kerberoasting Detections: A New Approach to a Decade-Old Challenge
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks
Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups
The AI Fix #60: Elon’s AI girlfriend, the arsonist red panda, and the AI that will kill you
Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate
Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access
How to Advance from SOC Manager to CISO?
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
Microsoft Fix Targets Attacks on SharePoint Zero-Day
Europol targets Kremlin-backed cybercrime gang NoName057(16)
Assessing the Role of AI in Zero Trust
⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access
Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware
Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack
Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers
Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks
UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns
China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
Loaf and order: Belgian police launch bread-based cybersecurity campaign
From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai
Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
Smashing Security podcast #426: Choo Choo Choose to ignore the vulnerability
CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025
Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine
Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors
Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms
Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader
UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit
AI Agents Act Like Employees With Root Access—Here's How to Regain Control
Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code
Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act
Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors
Quelle surprise! Twitter faces criminal probe in France
SIM scammer’s sentence increased to 12 years, after failing to pay back victim $20 million
The AI Fix #59: Grok thinks it’s Mecha Hitler, and AIs can think strategically
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe
Securing Agentic AI: How to Protect the Invisible Identity Access
State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
DOGE Denizen Marko Elez Leaked API Key for xAI
New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries
The Unusual Suspect: Git Repos
⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More
Elmo has been hacked, claims Trump is in Epstein files, calls for Jews to be exterminated
CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center
eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks
GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
Russian basketball player arrested in ransomware case despite being “useless with computers”
PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
Paddy Power and BetFair have suffered a data breach
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
Securing Data in the AI Era
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
UK Charges Four in ‘Scattered Spider’ Ransom Group
Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs
New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App
What Security Leaders Need to Know About AI Governance for SaaS
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
Smashing Security podcast #425: Call of Duty: From pew-pew to pwned
As Texas floods, so does the internet – with dangerous lies
Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
AiLock ransomware: What you need to know
DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware
How To Automate Ticket Creation, Device Identification and Threat Triage With Tines
U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks
Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
Microsoft Patch Tuesday, July 2025 Edition
Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play
The AI Fix #58: An AI runs a shop into the ground, and AI’s obsession with the number 27
Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
5 Ways Identity-based Attacks Are Breaching Retail
Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
Employee arrested after Brazil’s central bank service provider hacked for US $140 million
Manufacturing Security: Why Default Passwords Must Go
⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More
TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors
Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS
Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties
Catwatchful stalkerware app spills secrets of 62,000 users – including its own admin
Technical difficulties or cyber attack? Ingram Micro’s website goes down just in time for the holiday weekend
NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors
Hunters International ransomware group shuts down – but will it regroup under a new guise?
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It
Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission
Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams
Big Tech’s Mixed Response to U.S. Treasury Sanctions
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
The Hidden Weaknesses in AI SOC Tools that No One Talks About
Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
Smashing Security podcast #424: Surveillance, spyware, and self-driving snafus
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Swiss government warns attackers have stolen sensitive data, after ransomware attack at Radix
Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat
U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale
Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits
TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns
New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
The AI Fix #57: AI is the best hacker in the USA, and self-learning AI
50 customers of French bank hit after insider helped SIM swap scammers
A New Maturity Model for Browser Security: Closing the Last-Mile Risk
Google Patches Critical Zero-Day Flaw in Chrome’s V8 Engine After Active Exploitation
U.S. Arrests Key Facilitator in North Korean IT Worker Scheme, Seizes $7.74 Million
Microsoft Removes Password Management from Authenticator App Starting August 2025
Senator Chides FBI for Weak Advice on Mobile Security
U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure
Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects
Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks
⚡ Weekly Recap: Airline Hacks, Citrix 0-Day, Outlook Malware, Banking Trojans and more
Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories
FBI Warns of Scattered Spider's Expanding Attacks on Airlines Using Social Engineering
GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool
BreachForums broken up? French police arrest five members of notorious cybercrime site
Facebook’s New AI Tool Asks to Upload Your Photos for Story Ideas, Sparking Privacy Concerns
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack
SafePay ransomware: What you need to know
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
Business Case for Agentic AI SOC Analysts
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks
Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews
Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Cybercrime is surging across Africa
Beware the Hidden Risk in Your Entra Environment
Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games
SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages
Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options
New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public
The AI Fix #56: ChatGPT traps man in a cult of one, and AI is actually stupid
Aflac, one of the USA’s largest insurers, is the latest to fall “under siege” to hackers
Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers
Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue
Twitter refuses to explain what it’s doing about hate speech and misinformation, sues New York State for asking
Marks & Spencer ransomware attack was good news for other retailers
Between Buzz and Reality: The CTEM Conversation We All Need
Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes
Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
How AI-Enabled Workflow Automation Can Help SOCs Reduce Burnout
Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks
⚡ Weekly Recap: Chrome 0-Day, 7.3 Tbps DDoS, MFA Bypass Tricks, Banking Trojan and More
Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages
Krispy Kreme hack exposed sensitive data of over 160,000 people
Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms
Qilin offers “Call a lawyer” button for affiliates attempting to extort ransoms from victims who won’t pay
Iran's State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
6 Steps to 24/7 In-House SOC Success
67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
Secure Vibe Coding: The Complete New Guide
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
Meta Adds Passkey Login Support to Facebook for Android and iOS Users
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Smashing Security podcast #422: The curious case of the code copier
Ransomware gang busted in Thailand hotel raid
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub
Water Curse Hijacks 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign
FedRAMP at Startup Speed: Lessons Learned
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents
Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
The AI Fix #55: Atari beats ChatGPT at chess, and Apple says AI “thinking” is an illusion
Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms
Backups Are Under Attack: How to Protect Your Backups
Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments
Are Forgotten AD Service Accounts Leaving You at Risk?
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network
Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment
Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
Dutch police identify users as young as 11-year-old on Cracked.io hacking forum
Why Denmark is breaking up with Microsoft
Bert ransomware: what you need to know
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
Malware attack disguises itself as DeepSeek installer
Sweden says it is under cyber attack
South African man imprisoned after ransom demand against his former employer
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
Non-Human Identities: How to Address the Expanding Security Risk
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
Empty shelves after US’s largest natural and organic food distributor suffers cyber attack
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Smashing Security podcast #421: Toothpick flirts, Google leaks, and ICE ICE scammers
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Why DNS Security Is Your First Defense Against Cyber Attacks?
INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure
How to Build a Lean Security Model: 5 Lessons from River Island
SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild
Patch Tuesday, June 2025 Edition
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
The AI Fix #54: Will AI collapse under its own garbage, and AI charity “Hunger Games”
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account
Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise
⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Malicious Browser Extensions Infect 722 Users Across Latin America Since Early 2025
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
Marks & Spencer’s ransomware nightmare – more details emerge
Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam
Empower Users and Protect Against GenAI Data Loss
US offers $10 million reward for tips about state-linked RedLine hackers
Smashing Security podcast #420: Fake Susies, flawed systems, and fruity fixes for anxiety
Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV
New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack
Proxy Services Feast on Ukraine’s IP Address Exodus
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials
Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands
Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware
Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation
DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown
Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Your SaaS Data Isn't Safe: Why Traditional DLP Solutions Fail in the Browser Era
The AI Fix #53: An AI uses blackmail to save itself, and threats make AIs work better
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More
The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation
Damascened Peacock: Russian hackers targeted UK Ministry of Defence
New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data
From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care
China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud
Interlock ransomware: what you need to know
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
Smashing Security podcast #419: Star Wars, the CIA, and a WhatsApp malware mirage
Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack
Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore
Pakistan Arrests 21 in ‘Heartsender’ Malware Service
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Adidas customers’ personal information at risk after data breach
Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
The AI Fix #52: AI adopts its own social norms, and AI DJ creates diversity scandal
AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign
Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
CISO's Guide To Web Privacy Validation And Why It's Important
⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique
ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices
300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide
3AM ransomware attack poses as a call from IT support to compromise networks
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
Oops: DanaBot Malware Devs Infected Their Own PCs
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host
Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
DOJ charges 12 more in $263 million crypto fraud takedown where money was hidden in squishmallow stuffed animals
Identity Security Has an Automation Problem—And It's Bigger Than You Think
FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections
Smashing Security podcast #418: Grid failures, Instagram scams, and Legal Aid leaks
Pro-Russia hackers attack European air traffic control website, but don’t panic! Flights continue as normal
US Facebook users can now claim their share of $725 million Cambridge Analytica settlement
3CX Breach Was a Double Supply Chain Compromise
US charges three men with six million dollar business email compromise plot
Ex-CEO of hacked therapy clinic sentenced for failing to protect patients’ session notes
Giving a Face to the Malware Proxy Service ‘Faceless’
Army helicopter crash blamed on skipped software patch
Why is ‘Juice Jacking’ Suddenly Back in the News?
As Tax Day approaches, Microsoft warns accounting firms of targeted attacks
Pentagon leak suspect Jack Teixeira arrested at gunpoint
Smashing Security podcast #317: Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
Plenty of juice-jacking scare stories, but precious little juice-jacking
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
Ukrainian hackers spend $25,000 of pro-Russian blogger’s money on sex toys
Smashing Security podcast #316: Of Musk and Afroman
FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers
That ticking noise is your end users’ laptops
A Serial Tech Investment Scammer Takes Up Coding?
Managed Services: A Better Understanding
German Police Raid DDoS-Friendly Host ‘FlyHosting’
5 Great Reasons You Must Outsource IT and Cybersecurity
Technology Solutions Providers: Providing the Peace of Mind You Deserve
Warning! Top Cybersecurity Concerns You Need to Consider
Preparing for the Unexpected: A Quick Guide to BCDR

Sitemap

Posts

Pages

Categories

Latest Posts