Posts

How Each Pillar of the 1st Amendment is Under Attack
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
VanHelsing ransomware: what you need to know
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
When Getting Phished Puts You in Mortal Danger
Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
Smashing Security podcast #410: Unleash the AI bot army against the scammers – now!
Malaysian PM says “no way” to $10 million ransom after alleged cyber attack against Kuala Lumpur airport
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience
Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks
How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
The AI Fix #43: I, for one, welcome our new robot overlords!
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface
Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks
VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
How to Balance Password Security Against User Experience
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
Arrests in Tap-to-Pay Scheme Powered by Phishing
UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
10 Critical Network Pentest Findings IT Teams Overlook
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
BlackLock ransomware: What you need to know
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
Smashing Security podcast #409: Peeping perverts and FBI phone calls
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
Supply-chain CAPTCHA attack hits over 100 car dealerships
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
DOGE to Fired CISA Staff: Email Us Your Personal Data
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
The AI Fix #42: AIs with anxiety, and why AIs don’t know what happened
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
How to Improve Okta Security in Four Steps
Mandatory Coinbase wallet migration? It’s a phishing scam!
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
Borked Chromecasts are beginning to receive their update – just hope you didn’t do a factory reset
Free file converter malware scam “rampant” claims FBI
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
ClickFix: How to Infect Your PC in Three Easy Steps
Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging
Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right
Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
Chromecast chaos – 2nd gen devices go belly-up as Google struggles to fix certificate issue
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
Medusa ransomware: FBI and CISA urge organisations to act now to mitigate threat
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
Smashing Security podcast #408: A gag order backfires, and a snail mail ransom demand
Man found guilty of planting infinite loop logic bomb on ex-employer’s system
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack
Pentesters: Is AI Coming for Your Role?
URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days
Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
Alleged Co-Founder of Garantex Arrested in India
The AI Fix #41: Can AIs be psychopaths, and why we should be AI optimists
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats
Steganography Explained: How XWorm Hides Inside Images
Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
Webinar: Credential security in the age of AI: Insights for IT leaders
Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links
Why The Modern Google Workspace Needs Unified Security
⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools
Feds Link $150M Cyberheist to 2022 LastPass Hacks
FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
Webinar: Learn How ASPM Transforms Application Security from Reactive to Proactive
What PCI DSS v4 Really Means – Lessons from A&F Compliance Journey
U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors
Who is the DOGE and X Technician Branden Spikes?
Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Outsmarting Cyber Threats with Attack Graphs
Smashing Security podcast #407: HP’s hold music, and human trafficking
Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
Cactus ransomware: what you need to know
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud
Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America
Defending against USB drive attacks with Wazuh
Fake police call cryptocurrency investors to steal their funds
Identity: The New Cybersecurity Battleground
Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
The AI Fix #40: ChatGPT saved my life, and making evil AIs by accident
VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches
CISA refutes claims it has been ordered to stop monitoring Russian cyber threats
How New AI Agents Will Transform Credential Stuffing Attacks
Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector
Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm
Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks
U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices
Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
Stop targeting Russian hackers, Trump administration orders US Cyber Command
⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists
The New Ransomware Groups Shaking Up 2025
Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries
Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone
5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs
RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable
Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme
Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus
12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training
Warning issued as hackers offer firms fake cybersecurity audits to break into their systems
Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations
New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades
89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals
Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware
PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices
Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
Smashing Security podcast #406: History’s biggest heist just happened, and online abuse
Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles
Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads
CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
Three Password Cracking Techniques and How to Defend Against Them
New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems
SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware
LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
The AI Fix #39: AIs value their lives over yours, and flattery gets you nowhere
Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied upon
GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT
5 Active Malware Campaigns in Q1 2025
FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer
Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats
Becoming Ransomware Ready: Why Continuous Validation Is Your Best Defense
⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma
Australia Bans Kaspersky Software Over National Security and Espionage Concerns
Trump 2.0 Brings Cuts to Cyber, Consumer Protections
Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns
Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations
Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands
Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3
Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
AI-Powered Deception is a Menace to Our Societies
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware
Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
PCI DSS 4.0 Mandates DMARC By 31st March 2025
Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes
New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
The Ultimate MSP Guide to Structuring and Selling vCISO Services
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
How Phished Data Turns into Apple & Google Wallets
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks
New FrigidStealer Malware Targets macOS Users via Fake Browser Updates
Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication
Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
Debunking the AI Hype: Inside Real Hacker Tactics
New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
CISO's Expert Guide To CTEM And Why It Matters
New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations
⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More
Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally
Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts
AI-Powered Social Engineering: Ancillary Tools and Techniques
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Nearly a Year Later, Mozilla is Still Promoting OneRep
How to Steer AI Adoption: A CISO Guide
Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability
Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries
FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software
AI and Security - A New Puzzle to Figure Out
RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams
North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks
Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation
Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
Don't Overlook These 6 Critical Okta Security Configurations
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Teen on Musk’s DOGE Team Graduated from ‘The Com’
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection
AI-Powered Social Engineering: Reinvented Threats
India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud
Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
Experts Flag Security, Privacy Risks in DeepSeek AI App
Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023
Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
Top 3 Ransomware Threats Active in 2025
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
Smashing Security podcast #403: Coinbase crypto heists, QR codes, and ransomware in the classroom
Man sentenced to 7 years in prison for role in $50m internet scam
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
Navigating the Future: Key IT Vulnerability Management Trends
AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
The AI Fix #36: A DeepSeek special
Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
Watch Out For These 8 Cloud Security Shifts in 2025
AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages
What Is Attack Surface Management?
Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key
Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists
Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts
FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
Google Bans 158,000 Malicious Android App Developer Accounts in 2024
Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns
Top 5 AI-Powered Social Engineering Attacks
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
Infrastructure Laundering: Blending in with the Cloud
Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations
Lightning AI Studio Vulnerability Allowed RCE via Hidden URL Parameter
Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown
DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
SOC Analysts - Reimagining Their Role Using AI
New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
Smashing Security podcast #402: Hackers get hacked, the British Museum IT shutdown, and social media kidnaps
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
AI in Cybersecurity: What's Effective and What’s Not – Insights from 200 Experts
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
How Interlock Ransomware Infects Healthcare Organizations
Ex-worker arrested after ‘shutdown’ of British Museum computer systems
Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking
The AI Fix #35: Project Stargate, the AI emergency, and batsh*t AI cryonics
AI SOC Analysts: Propelling SecOps into the future
How Long Does It Take Hackers to Crack Modern Hashing Algorithms?
Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations
E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries
Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks
Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More
A Tumultuous Week for Federal Cybersecurity Efforts
Hacked buses blare out patriotic pro-European anthems in Tbilisi, attack government
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]
Do We Really Need The OWASP NHI Top 10?
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks
Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks
RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations
2025 State of SaaS Backup and Recovery Report
DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations
Be careful what you say about data leaks in Turkey, new law could mean prison for reporting hacks
Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations
CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List
Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers
Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads
New Research: The State of Web Exposure 2025
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
How to Eliminate Identity-Based Threats
QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware
Smashing Security podcast #401: Hacks on the high seas, and how your home can be stolen under your nose
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
MasterCard DNS Error Went Unnoticed for Years
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
Half a million hotel guests at risk after hackers accessed sensitive data
President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison
Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Device
The AI Fix #34: Fake Brad Pitt and why AI means we will lose our jobs
Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
Medusa ransomware: what you need to know
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Product Walkthrough: How Satori Secures Sensitive Data From Production to AI
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]
Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP
TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025
U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
No, Brad Pitt isn’t in love with you
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Chinese Innovations Spawn Wave of Toll Phishing Via SMS
Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
Smashing Security podcast #400: Hacker games, AI travel surveillance, and 25 years of IoT
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
The AI Fix #33: AI’s deliberate deceptions, and Elon’s “unhinged” mode
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
The High-Stakes Disconnect For ICS/OT Security
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update
Microsoft: Happy 2025. Here’s 161 Security Updates
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
Pastor’s “dream” crypto scheme alleged to be a multi-million dollar scam
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
Ransomware on ESXi: The mechanization of virtualized attacks
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering
Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
Smashing Security podcast #399: Honey in hot water, and reset your devices
Space Bears ransomware: what you need to know
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption
Product Review: How Reco Discovers Shadow AI in SaaS
MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan
Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions
United Nations aviation agency hacked, recruitment database plundered
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection
E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques
Top 5 Malware Threats to Prepare Against in 2025
FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
A Day in the Life of a Prolific Voice Phishing Crew
The AI Fix #32: Agentic AI, killer robot fridges, and the robosexual revolution
Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year
CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing
New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities
Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers
India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements
FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]
Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns
New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60%
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption
Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations
Fireside chat with Graham Cluley about risks of AI adoption in 2025
The AI Fix #31: Replay: AI doesn’t exist
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them
Three Russian-German Nationals Charged with Espionage for Russian Secret Service
Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites
Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics
New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy
Pro-Russia hackers attack European air traffic control website, but don’t panic! Flights continue as normal
US Facebook users can now claim their share of $725 million Cambridge Analytica settlement
3CX Breach Was a Double Supply Chain Compromise
US charges three men with six million dollar business email compromise plot
Ex-CEO of hacked therapy clinic sentenced for failing to protect patients’ session notes
Giving a Face to the Malware Proxy Service ‘Faceless’
Army helicopter crash blamed on skipped software patch
Why is ‘Juice Jacking’ Suddenly Back in the News?
As Tax Day approaches, Microsoft warns accounting firms of targeted attacks
Pentagon leak suspect Jack Teixeira arrested at gunpoint
Smashing Security podcast #317: Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
Plenty of juice-jacking scare stories, but precious little juice-jacking
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
Ukrainian hackers spend $25,000 of pro-Russian blogger’s money on sex toys
Smashing Security podcast #316: Of Musk and Afroman
FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers
That ticking noise is your end users’ laptops
A Serial Tech Investment Scammer Takes Up Coding?
Managed Services: A Better Understanding
German Police Raid DDoS-Friendly Host ‘FlyHosting’
5 Great Reasons You Must Outsource IT and Cybersecurity
Technology Solutions Providers: Providing the Peace of Mind You Deserve
Warning! Top Cybersecurity Concerns You Need to Consider
Preparing for the Unexpected: A Quick Guide to BCDR

Sitemap

Posts

Pages

Categories

Latest Posts