Posts
- ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
- The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
- Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
- Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data
- Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection
- OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
- BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation
- Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
- Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
- LockBit ransomware gang breached, secrets exposed
- Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
- Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for “Donnie” Trump
- Beyond Vulnerability Management – Can You CVE What I CVE?
- Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
- Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
- 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
- SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root
- Qilin Leads April 2025 Ransomware Spike with 45 Breaches Using NETXLOADER Malware
- MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware
- Security Tools Alone Don't Protect You — Control Effectiveness Does
- Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware
- Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
- Smashing Security podcast #416: High street hacks, and Disney’s Wingdings woe
- Pakistani Firm Shipped Fentanyl Analogs, Scams to US
- OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
- Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks
- Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection
- SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
- Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
- TeleMessage, the Signal clone used by US government officials, suffers hack
- Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
- NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware
- The AI Fix #49: The typo from hell
- Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
- New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims
- Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches
- Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks
- Entra ID Data Protection: Essential or Overkill?
- Google Fixes Actively Exploited Android System Flaw in May 2025 Security Update
- Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
- Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
- Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace
- ⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors
- Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
- Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
- U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems
- TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China
- How to Automate CVE and Vulnerability Advisory Response with Tines
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
- Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
- xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
- Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
- Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign
- Why top SOC teams are shifting to Network Detection and Response
- DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
- New Research Reveals: 95% of AppSec Fixes Don’t Reduce Risk
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
- SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
- Smashing Security podcast #415: Hacking hijinks at the hospital, and WASPI scams
- Alleged ‘Scattered Spider’ Member Extradited to U.S.
- Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense
- Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
- Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool
- [Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats
- Customer Account Takeovers: The Multi-Billion Dollar Problem You Don’t Know About
- RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control
- Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code
- Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations
- New Reports Uncover Jailbreaks, Unsafe Code, and Data Theft Risks in Leading AI Systems
- WhatsApp Launches Private Processing to Enable AI Features While Protecting Message Privacy
- The AI Fix #48: AI Jesus, and is the AI Singularity almost upon us?
- SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients
- 21 million employee screenshots leaked in bossware breach blunder
- Ransomware attacks on critical infrastructure surge, reports FBI
- Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products
- Product Walkthrough: Securing Microsoft Copilot with Reco
- Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool
- CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
- How Breaches Start: Breaking Down 5 Real Vulns
- Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
- WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
- Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
- ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
- Why NHIs Are Security's Most Dangerous Blind Spot
- SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers
- Hackers access sensitive SIM card data at South Korea’s largest telecoms company
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
- Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
- Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
- 159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
- Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
- Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
- Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
- Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign
- WhatsApp Adds Advanced Chat Privacy to Block Chat Exports and Auto-Downloads
- Smashing Security podcast #414: Zoom.. just one click and your data goes boom!
- DOGE Worker’s Code Supports NLRB Whistleblower
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
- Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
- Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito
- Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
- Crosswalks hacked to play fake audio of Musk, Zuck, and Jeff Bezos
- The AI Fix #47: An AI is the best computer programmer in the world
- GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
- Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
- 5 Major Concerns With Employees Using The Browser
- Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
- Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware
- Whistleblower: DOGE Siphoned NLRB Case Data
- Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
- ⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
- 5 Reasons Device Management Isn't Device Trust
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
- APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
- Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
- ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
- Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
- [Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
- Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
- Artificial Intelligence – What's all the fuss?
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
- Blockchain Offers Security Benefits – But Don't Neglect Your Passwords
- Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
- CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
- Smashing Security podcast #413: Hacking the hackers… with a credit card?
- Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
- Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024
- From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains
- Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins
- Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
- Insurance firm Lemonade warns of breach of thousands of driving license numbers
- Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
- U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert
- Funding Expires for Key Cyber Vulnerability Database
- RansomHouse ransomware: what you need to know
- The AI Fix #46: AI can read minds now, and is your co-host a clone?
- Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
- Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds
- Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
- Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
- Trump Revenge Tour Targets Cyber Leaders, Elections
- ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
- ⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
- Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind
- Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
- Medusa ransomware gang claims to have hacked NASCAR
- Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
- Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
- Initial Access Brokers Shift Tactics, Selling More for Less
- Ransomware reaches a record high, but payouts are dwindling
- SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
- Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
- OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
- Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
- China-based SMS Phishing Triad Pivots to Banks
- Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
- Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
- The Identities Behind AI Agents: A Deep Dive Into AI & NHI
- PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
- Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
- AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections
- Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing
- Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
- Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
- Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
- Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
- Patch Tuesday, April 2025 Edition
- The AI Fix #45: The Turing test falls to GPT-4.5
- Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
- Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
- Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
- UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
- Agentic AI in the SOC - Dawn of Autonomous Alert Triage
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
- Russian bots hard at work spreading political unrest on Romania’s internet
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
- CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
- ⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Comeback and More
- King Bob pleads guilty to Scattered Spider-linked cryptocurrency thefts from investors
- Security Theater: Vanity Metrics Keep You Busy - and Exposed
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
- Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
- Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
- Have We Reached a Distroless Tipping Point?
- OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
- Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
- Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
- CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
- HellCat ransomware: what you need to know
- Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
- AI Threats Are Evolving Fast — Learn Practical Defense Tactics in this Expert Webinar
- AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock
- Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent
- Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
- Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation
- Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign
- Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers
- Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers
- Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers
- How SSL Misconfigurations Impact Your Attack Surface
- FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
- New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
- Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign
- Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform
- The AI Fix #44: AI-generated malware, and a stunning AI breakthrough
- Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
- China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions
- New Case Study: Global Retailer Overshares CSRF Tokens with Facebook
- Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign
- Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
- Hackers exploit little-known WordPress MU-plugins feature to hide malware
- Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
- 5 Impactful AWS Vulnerabilities You're Responsible For
- ⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
- £3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack
- Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
- How Each Pillar of the 1st Amendment is Under Attack
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
- Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
- VanHelsing ransomware: what you need to know
- CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
- Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
- PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
- Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
- When Getting Phished Puts You in Mortal Danger
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
- New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
- Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
- Smashing Security podcast #410: Unleash the AI bot army against the scammers – now!
- Malaysian PM says “no way” to $10 million ransom after alleged cyber attack against Kuala Lumpur airport
- 150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
- NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
- New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
- RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
- Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience
- Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks
- How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More
- Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
- New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
- The AI Fix #43: I, for one, welcome our new robot overlords!
- Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
- INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
- Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks
- VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
- How to Balance Password Security Against User Experience
- VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
- GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets
- U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
- Arrests in Tap-to-Pay Scheme Powered by Phishing
- UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
- Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
- Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
- China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
- 10 Critical Network Pentest Findings IT Teams Overlook
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
- BlackLock ransomware: What you need to know
- YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
- Smashing Security podcast #409: Peeping perverts and FBI phone calls
- Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
- How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model
- Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
- Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
- Supply-chain CAPTCHA attack hits over 100 car dealerships
- CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
- DOGE to Fired CISA Staff: Email Us Your Personal Data
- Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
- Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
- ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
- Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen
- 5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
- Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
- CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
- The AI Fix #42: AIs with anxiety, and why AIs don’t know what happened
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
- New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads
- BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
- China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
- How to Improve Okta Security in Four Steps
- Mandatory Coinbase wallet migration? It’s a phishing scam!
- Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
- Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
- Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions
- Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
- GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
- Borked Chromecasts are beginning to receive their update – just hope you didn’t do a factory reset
- Free file converter malware scam “rampant” claims FBI
- Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
- ClickFix: How to Infect Your PC in Three Easy Steps
- Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
- GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging
- Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom
- New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
- OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
- Chromecast chaos – 2nd gen devices go belly-up as Google struggles to fix certificate issue
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
- Medusa ransomware: FBI and CISA urge organisations to act now to mitigate threat
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
- Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
- WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback
- Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
- Smashing Security podcast #408: A gag order backfires, and a snail mail ransom demand
- Man found guilty of planting infinite loop logic bomb on ex-employer’s system
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
- Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack
- Pentesters: Is AI Coming for Your Role?
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
- Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
- Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
- Alleged Co-Founder of Garantex Arrested in India
- The AI Fix #41: Can AIs be psychopaths, and why we should be AI optimists
- Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
- Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats
- Steganography Explained: How XWorm Hides Inside Images
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
- SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
- Webinar: Credential security in the age of AI: Insights for IT leaders
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
- Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links
- Why The Modern Google Workspace Needs Unified Security
- ⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
- SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools
- Feds Link $150M Cyberheist to 2022 LastPass Hacks
- FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
- Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
- Webinar: Learn How ASPM Transforms Application Security from Reactive to Proactive
- What PCI DSS v4 Really Means – Lessons from A&F Compliance Journey
- U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website
- This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
- Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors
- Who is the DOGE and X Technician Branden Spikes?
- Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom
- EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
- Outsmarting Cyber Threats with Attack Graphs
- Smashing Security podcast #407: HP’s hold music, and human trafficking
- Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
- U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
- Cactus ransomware: what you need to know
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud
- Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America
- Defending against USB drive attacks with Wazuh
- Fake police call cryptocurrency investors to steal their funds
- Identity: The New Cybersecurity Battleground
- Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
- Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
- The AI Fix #40: ChatGPT saved my life, and making evil AIs by accident
- VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches
- CISA refutes claims it has been ordered to stop monitoring Russian cyber threats
- How New AI Agents Will Transform Credential Stuffing Attacks
- Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
- Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector
- Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks
- U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices
- Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
- Stop targeting Russian hackers, Trump administration orders US Cyber Command
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists
- The New Ransomware Groups Shaking Up 2025
- Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries
- Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language
- Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
- Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone
- 5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs
- RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable
- Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme
- Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus
- 12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training
- Warning issued as hackers offer firms fake cybersecurity audits to break into their systems
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations
- New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades
- 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals
- Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware
- PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
- Smashing Security podcast #406: History’s biggest heist just happened, and online abuse
- Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
- Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles
- Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads
- CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
- Three Password Cracking Techniques and How to Defend Against Them
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems
- SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
- Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware
- LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
- The AI Fix #39: AIs value their lives over yours, and flattery gets you nowhere
- Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied upon
- GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
- 2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT
- 5 Active Malware Campaigns in Q1 2025
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services
- Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
- New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer
- Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats
- Becoming Ransomware Ready: Why Continuous Validation Is Your Best Defense
- ⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma
- Australia Bans Kaspersky Software Over National Security and Espionage Concerns
- Trump 2.0 Brings Cuts to Cyber, Consumer Protections
- Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
- OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns
- Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations
- Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands
- Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3
- Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
- AI-Powered Deception is a Menace to Our Societies
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
- Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware
- Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives
- Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
- PCI DSS 4.0 Mandates DMARC By 31st March 2025
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now
- Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
- Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
- Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes
- New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
- The Ultimate MSP Guide to Structuring and Selling vCISO Services
- Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
- CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
- How Phished Data Turns into Apple & Google Wallets
- New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks
- New FrigidStealer Malware Targets macOS Users via Fake Browser Updates
- Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication
- Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
- Debunking the AI Hype: Inside Real Hacker Tactics
- New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
- Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
- South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
- CISO's Expert Guide To CTEM And Why It Matters
- New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations
- ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More
- Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
- Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
- RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts
- AI-Powered Social Engineering: Ancillary Tools and Techniques
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
- Nearly a Year Later, Mozilla is Still Promoting OneRep
- How to Steer AI Adoption: A CISO Guide
- Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
- Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software
- AI and Security - A New Puzzle to Figure Out
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
- Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams
- North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks
- Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
- Pro-Russia hackers attack European air traffic control website, but don’t panic! Flights continue as normal
- US Facebook users can now claim their share of $725 million Cambridge Analytica settlement
- 3CX Breach Was a Double Supply Chain Compromise
- US charges three men with six million dollar business email compromise plot
- Ex-CEO of hacked therapy clinic sentenced for failing to protect patients’ session notes
- Giving a Face to the Malware Proxy Service ‘Faceless’
- Army helicopter crash blamed on skipped software patch
- Why is ‘Juice Jacking’ Suddenly Back in the News?
- As Tax Day approaches, Microsoft warns accounting firms of targeted attacks
- Pentagon leak suspect Jack Teixeira arrested at gunpoint
- Smashing Security podcast #317: Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
- Plenty of juice-jacking scare stories, but precious little juice-jacking
- Microsoft (& Apple) Patch Tuesday, April 2023 Edition
- Ukrainian hackers spend $25,000 of pro-Russian blogger’s money on sex toys
- Smashing Security podcast #316: Of Musk and Afroman
- FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers
- That ticking noise is your end users’ laptops
- A Serial Tech Investment Scammer Takes Up Coding?
- Managed Services: A Better Understanding
- German Police Raid DDoS-Friendly Host ‘FlyHosting’
- 5 Great Reasons You Must Outsource IT and Cybersecurity
- Technology Solutions Providers: Providing the Peace of Mind You Deserve
- Warning! Top Cybersecurity Concerns You Need to Consider
- Preparing for the Unexpected: A Quick Guide to BCDR
Pages
- No Access
- Maintenance Page
- Sitemap
- Contact our Support Team
- Secure Password Campaign Landing Page
- Free Download
- FREE Consultation
- Aspirin Campaign Landing Page
- Cyber News & Articles
- Home
- Testimonials
- Contact
- Services
- Co-Managed IT and Cybersecurity
- Cloud Hosting
- Vulnerability (Patch) Management
- Hardware and Software Management
- Employee Onboarding and Offboarding
- Cybersecurity Awareness Training
- Cloud-Based Data Storage Management
- Proofpoint: Microsoft 365 + Protection
- Network Layer (DNS) Protection
- Managed Detection and Response (MDR)
- Outsourced IT
- Data Backup and Recovery
- About Us