Posts
- APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
- Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
- ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
- Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
- [Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
- Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
- Artificial Intelligence – What's all the fuss?
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
- Blockchain Offers Security Benefits – But Don't Neglect Your Passwords
- Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
- CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
- Smashing Security podcast #413: Hacking the hackers… with a credit card?
- Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
- Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024
- From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains
- Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins
- Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
- Insurance firm Lemonade warns of breach of thousands of driving license numbers
- Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
- U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert
- Funding Expires for Key Cyber Vulnerability Database
- RansomHouse ransomware: what you need to know
- The AI Fix #46: AI can read minds now, and is your co-host a clone?
- Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
- Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds
- Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
- Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
- Trump Revenge Tour Targets Cyber Leaders, Elections
- ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
- ⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
- Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind
- Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
- Medusa ransomware gang claims to have hacked NASCAR
- Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
- Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
- Initial Access Brokers Shift Tactics, Selling More for Less
- Ransomware reaches a record high, but payouts are dwindling
- SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
- Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
- OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
- Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
- China-based SMS Phishing Triad Pivots to Banks
- Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
- Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
- The Identities Behind AI Agents: A Deep Dive Into AI & NHI
- PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
- Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
- AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections
- Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing
- Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
- Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
- Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
- Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
- Patch Tuesday, April 2025 Edition
- The AI Fix #45: The Turing test falls to GPT-4.5
- Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
- Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
- Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
- UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
- Agentic AI in the SOC - Dawn of Autonomous Alert Triage
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
- Russian bots hard at work spreading political unrest on Romania’s internet
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
- CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
- ⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Comeback and More
- King Bob pleads guilty to Scattered Spider-linked cryptocurrency thefts from investors
- Security Theater: Vanity Metrics Keep You Busy - and Exposed
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
- Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
- Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
- Have We Reached a Distroless Tipping Point?
- OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
- Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
- Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
- CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
- HellCat ransomware: what you need to know
- Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
- AI Threats Are Evolving Fast — Learn Practical Defense Tactics in this Expert Webinar
- AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock
- Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent
- Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
- Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation
- Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign
- Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers
- Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers
- Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers
- How SSL Misconfigurations Impact Your Attack Surface
- FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
- New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
- Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign
- Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform
- The AI Fix #44: AI-generated malware, and a stunning AI breakthrough
- Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
- China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions
- New Case Study: Global Retailer Overshares CSRF Tokens with Facebook
- Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign
- Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
- Hackers exploit little-known WordPress MU-plugins feature to hide malware
- Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
- 5 Impactful AWS Vulnerabilities You're Responsible For
- ⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
- £3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack
- Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
- How Each Pillar of the 1st Amendment is Under Attack
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
- Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
- VanHelsing ransomware: what you need to know
- CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
- Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
- PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
- Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
- When Getting Phished Puts You in Mortal Danger
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
- New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
- Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
- Smashing Security podcast #410: Unleash the AI bot army against the scammers – now!
- Malaysian PM says “no way” to $10 million ransom after alleged cyber attack against Kuala Lumpur airport
- 150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
- NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
- New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
- RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
- Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience
- Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks
- How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More
- Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
- New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
- The AI Fix #43: I, for one, welcome our new robot overlords!
- Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
- INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
- Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks
- VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
- How to Balance Password Security Against User Experience
- VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
- GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets
- U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
- Arrests in Tap-to-Pay Scheme Powered by Phishing
- UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
- Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
- Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
- China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
- 10 Critical Network Pentest Findings IT Teams Overlook
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
- BlackLock ransomware: What you need to know
- YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
- Smashing Security podcast #409: Peeping perverts and FBI phone calls
- Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
- How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model
- Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
- Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
- Supply-chain CAPTCHA attack hits over 100 car dealerships
- CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
- DOGE to Fired CISA Staff: Email Us Your Personal Data
- Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
- Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
- ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
- Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen
- 5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
- Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
- CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
- The AI Fix #42: AIs with anxiety, and why AIs don’t know what happened
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
- New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads
- BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
- China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
- How to Improve Okta Security in Four Steps
- Mandatory Coinbase wallet migration? It’s a phishing scam!
- Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
- Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
- Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions
- Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
- GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
- Borked Chromecasts are beginning to receive their update – just hope you didn’t do a factory reset
- Free file converter malware scam “rampant” claims FBI
- Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
- ClickFix: How to Infect Your PC in Three Easy Steps
- Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
- GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging
- Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom
- New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
- OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
- Chromecast chaos – 2nd gen devices go belly-up as Google struggles to fix certificate issue
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
- Medusa ransomware: FBI and CISA urge organisations to act now to mitigate threat
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
- Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
- WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback
- Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
- Smashing Security podcast #408: A gag order backfires, and a snail mail ransom demand
- Man found guilty of planting infinite loop logic bomb on ex-employer’s system
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
- Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack
- Pentesters: Is AI Coming for Your Role?
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
- Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
- Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
- Alleged Co-Founder of Garantex Arrested in India
- The AI Fix #41: Can AIs be psychopaths, and why we should be AI optimists
- Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
- Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats
- Steganography Explained: How XWorm Hides Inside Images
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
- SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
- Webinar: Credential security in the age of AI: Insights for IT leaders
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
- Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links
- Why The Modern Google Workspace Needs Unified Security
- ⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
- SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools
- Feds Link $150M Cyberheist to 2022 LastPass Hacks
- FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
- Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
- Webinar: Learn How ASPM Transforms Application Security from Reactive to Proactive
- What PCI DSS v4 Really Means – Lessons from A&F Compliance Journey
- U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website
- This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
- Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors
- Who is the DOGE and X Technician Branden Spikes?
- Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom
- EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
- Outsmarting Cyber Threats with Attack Graphs
- Smashing Security podcast #407: HP’s hold music, and human trafficking
- Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
- U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
- Cactus ransomware: what you need to know
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud
- Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America
- Defending against USB drive attacks with Wazuh
- Fake police call cryptocurrency investors to steal their funds
- Identity: The New Cybersecurity Battleground
- Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
- Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
- The AI Fix #40: ChatGPT saved my life, and making evil AIs by accident
- VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches
- CISA refutes claims it has been ordered to stop monitoring Russian cyber threats
- How New AI Agents Will Transform Credential Stuffing Attacks
- Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
- Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector
- Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks
- U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices
- Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
- Stop targeting Russian hackers, Trump administration orders US Cyber Command
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists
- The New Ransomware Groups Shaking Up 2025
- Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries
- Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language
- Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
- Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone
- 5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs
- RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable
- Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme
- Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus
- 12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training
- Warning issued as hackers offer firms fake cybersecurity audits to break into their systems
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations
- New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades
- 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals
- Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware
- PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
- Smashing Security podcast #406: History’s biggest heist just happened, and online abuse
- Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
- Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles
- Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads
- CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
- Three Password Cracking Techniques and How to Defend Against Them
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems
- SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
- Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware
- LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
- The AI Fix #39: AIs value their lives over yours, and flattery gets you nowhere
- Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied upon
- GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
- 2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT
- 5 Active Malware Campaigns in Q1 2025
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services
- Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
- New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer
- Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats
- Becoming Ransomware Ready: Why Continuous Validation Is Your Best Defense
- ⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma
- Australia Bans Kaspersky Software Over National Security and Espionage Concerns
- Trump 2.0 Brings Cuts to Cyber, Consumer Protections
- Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
- OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns
- Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations
- Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands
- Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3
- Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
- AI-Powered Deception is a Menace to Our Societies
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
- Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware
- Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives
- Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
- PCI DSS 4.0 Mandates DMARC By 31st March 2025
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now
- Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
- Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
- Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes
- New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
- The Ultimate MSP Guide to Structuring and Selling vCISO Services
- Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
- CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
- How Phished Data Turns into Apple & Google Wallets
- New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks
- New FrigidStealer Malware Targets macOS Users via Fake Browser Updates
- Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication
- Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
- Debunking the AI Hype: Inside Real Hacker Tactics
- New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
- Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
- South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
- CISO's Expert Guide To CTEM And Why It Matters
- New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations
- ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More
- Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
- Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
- RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts
- AI-Powered Social Engineering: Ancillary Tools and Techniques
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
- Nearly a Year Later, Mozilla is Still Promoting OneRep
- How to Steer AI Adoption: A CISO Guide
- Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
- Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software
- AI and Security - A New Puzzle to Figure Out
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
- Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams
- North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks
- Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
- 8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
- ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
- Don't Overlook These 6 Critical Okta Security Configurations
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
- Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
- Teen on Musk’s DOGE Team Graduated from ‘The Com’
- DeepSeek App Transmits Sensitive User and Device Data Without Encryption
- CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
- Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection
- AI-Powered Social Engineering: Reinvented Threats
- India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud
- Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
- Experts Flag Security, Privacy Risks in DeepSeek AI App
- Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
- North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
- The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025
- SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
- Top 3 Ransomware Threats Active in 2025
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
- Smashing Security podcast #403: Coinbase crypto heists, QR codes, and ransomware in the classroom
- Man sentenced to 7 years in prison for role in $50m internet scam
- Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
- Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
- Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
- New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
- Navigating the Future: Key IT Vulnerability Management Trends
- AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks
- CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
- The AI Fix #36: A DeepSeek special
- Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?
- Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
- Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
- Watch Out For These 8 Cloud Security Shifts in 2025
- AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
- Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
- Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
- 768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
- PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages
- What Is Attack Surface Management?
- Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions
- ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]
- Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
- U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
- BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key
- Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists
- Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts
- FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
- CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024
- Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns
- Top 5 AI-Powered Social Engineering Attacks
- Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
- Infrastructure Laundering: Blending in with the Cloud
- Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations
- Lightning AI Studio Vulnerability Allowed RCE via Hidden URL Parameter
- Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown
- DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
- SOC Analysts - Reimagining Their Role Using AI
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
- Smashing Security podcast #402: Hackers get hacked, the British Museum IT shutdown, and social media kidnaps
- Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
- AI in Cybersecurity: What's Effective and What’s Not – Insights from 200 Experts
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
- How Interlock Ransomware Infects Healthcare Organizations
- Ex-worker arrested after ‘shutdown’ of British Museum computer systems
- Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
- Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
- UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
- PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
- OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking
- The AI Fix #35: Project Stargate, the AI emergency, and batsh*t AI cryonics
- AI SOC Analysts: Propelling SecOps into the future
- How Long Does It Take Hackers to Crack Modern Hashing Algorithms?
- Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations
- E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries
- Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More
- A Tumultuous Week for Federal Cybersecurity Efforts
- Hacked buses blare out patriotic pro-European anthems in Tbilisi, attack government
- GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
- ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]
- Do We Really Need The OWASP NHI Top 10?
- GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks
- Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks
- RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations
- 2025 State of SaaS Backup and Recovery Report
- DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations
- Be careful what you say about data leaks in Turkey, new law could mean prison for reporting hacks
- Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations
- CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List
- Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers
- Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks
- Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
- Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads
- New Research: The State of Web Exposure 2025
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
- How to Eliminate Identity-Based Threats
- QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
- TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware
- Smashing Security podcast #401: Hacks on the high seas, and how your home can be stolen under your nose
- Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
- MasterCard DNS Error Went Unnoticed for Years
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
- Half a million hotel guests at risk after hackers accessed sensitive data
- President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison
- Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
- Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
- Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Device
- The AI Fix #34: Fake Brad Pitt and why AI means we will lose our jobs
- Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers
- 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
- Medusa ransomware: what you need to know
- Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
- HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
- Pro-Russia hackers attack European air traffic control website, but don’t panic! Flights continue as normal
- US Facebook users can now claim their share of $725 million Cambridge Analytica settlement
- 3CX Breach Was a Double Supply Chain Compromise
- US charges three men with six million dollar business email compromise plot
- Ex-CEO of hacked therapy clinic sentenced for failing to protect patients’ session notes
- Giving a Face to the Malware Proxy Service ‘Faceless’
- Army helicopter crash blamed on skipped software patch
- Why is ‘Juice Jacking’ Suddenly Back in the News?
- As Tax Day approaches, Microsoft warns accounting firms of targeted attacks
- Pentagon leak suspect Jack Teixeira arrested at gunpoint
- Smashing Security podcast #317: Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
- Plenty of juice-jacking scare stories, but precious little juice-jacking
- Microsoft (& Apple) Patch Tuesday, April 2023 Edition
- Ukrainian hackers spend $25,000 of pro-Russian blogger’s money on sex toys
- Smashing Security podcast #316: Of Musk and Afroman
- FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers
- That ticking noise is your end users’ laptops
- A Serial Tech Investment Scammer Takes Up Coding?
- Managed Services: A Better Understanding
- German Police Raid DDoS-Friendly Host ‘FlyHosting’
- 5 Great Reasons You Must Outsource IT and Cybersecurity
- Technology Solutions Providers: Providing the Peace of Mind You Deserve
- Warning! Top Cybersecurity Concerns You Need to Consider
- Preparing for the Unexpected: A Quick Guide to BCDR
Pages
- No Access
- Maintenance Page
- Sitemap
- Contact our Support Team
- Secure Password Campaign Landing Page
- Free Download
- FREE Consultation
- Aspirin Campaign Landing Page
- Cyber News & Articles
- Home
- Testimonials
- Contact
- Services
- Co-Managed IT and Cybersecurity
- Cloud Hosting
- Vulnerability (Patch) Management
- Hardware and Software Management
- Employee Onboarding and Offboarding
- Cybersecurity Awareness Training
- Cloud-Based Data Storage Management
- Proofpoint: Microsoft 365 + Protection
- Network Layer (DNS) Protection
- Managed Detection and Response (MDR)
- Outsourced IT
- Data Backup and Recovery
- About Us