Category: Cyber Security News

Cisco disclosed a critical security vulnerability affecting Cisco Meraki MX and Z Series devices, which presents significant risks to enterprise networks.  The vulnerability tracked as CVE-2025-20212 and associated with allows authenticated remote attackers to trigger denial of service (DoS) conditions…

Read more →

Cybersecurity experts have uncovered a sophisticated malware campaign that initially exploited the popular DeepSeek LLM as a lure but has now expanded significantly. In early March 2025, researchers identified malicious operations using DeepSeek as bait, but subsequent telemetry analysis has…

Read more →

Recent network monitoring data from SANS reveals a significant spike in targeted scans seeking to exploit default credentials in Juniper Networks’ Session Smart Router (SSR) platform.  Security researchers have observed a massive coordinated campaign attempting to identify and compromise vulnerable…

Read more →

A new sophisticated attack campaign targeting Apache Tomcat servers has emerged, with attackers deploying encrypted and encoded payloads designed to run on both Windows and Linux systems. The attack chain begins with brute-force attempts against Tomcat management consoles using commonly…

Read more →

A new Remote Access Trojan (RAT) dubbed “SnowDog RAT” is malicious software purportedly marketed for $300 per month. It appears to have been specifically developed for corporate espionage and targeted attacks on business environments.  The malware advertisement, discovered on Thursday,…

Read more →

A sophisticated new malware campaign targeting the magic community has emerged. Dubbed “AbracadabraStealer,” this malware steals login credentials from magic forums, online shops, and streaming platforms where enthusiasts store payment information. The attackers have crafted a particularly deceptive operation that…

Read more →

The Jenkins project has disclosed multiple security vulnerabilities affecting its core platform and several plugins, exposing organizations to potential data breaches and code execution attacks.  Eight distinct vulnerabilities observed across Jenkins core and various plugins that could allow attackers to…

Read more →

Critical vulnerabilities in Google’s Quick Share file transfer utility for Windows allowed attackers to achieve remote code execution (RCE) without user interaction.  The flaws exposed millions of Windows users to potential attacks through this peer-to-peer data transfer application. Ten unique…

Read more →

A sophisticated malware campaign leveraging SmokeLoader has been identified targeting the First Ukrainian International Bank. Attackers are using weaponized 7z archives as the initial attack vector, leading to the deployment of infostealer malware through a complex infection chain. The attack…

Read more →

A sophisticated attack campaign targeting Telegram users has emerged, with cybercriminals exploiting a commonly overlooked vulnerability: default voicemail passwords. Security experts have identified a surge in account hijacking incidents, particularly in Israel, where attackers leverage voicemail systems to intercept authentication…

Read more →

A widespread cryptojacking campaign targeting poorly secured PostgreSQL database servers has impacted over 1,500 victims globally. The attack leverages fileless execution techniques and credential brute-forcing to deploy Monero (XMR)-mining malware while evading traditional cloud workload protection (CWPP) tools. Security analysts…

Read more →

A critical security vulnerability in the Verizon Call Filter iOS app exposed the incoming call records of potentially millions of Verizon Wireless customers, allowing unauthorized access to sensitive communication metadata without device compromise or user notification.  Independent security researcher Evan…

Read more →

GitHub has revealed that over 39 million secrets were leaked across its platform in 2024 alone, prompting the company to launch new security tools to combat this persistent threat.  The exposed secrets include API keys, credentials, tokens, and other sensitive…

Read more →

GoResolver, a ground-breaking open-source tool, was unveiled to address one of the most persistent issues in malware analysis: deobfuscating Golang binaries.  Developed by Volexity, this innovative solution employs control-flow graph similarity techniques to recover obfuscated function names, significantly enhancing reverse…

Read more →

In one of the largest coordinated law enforcement operations against online child exploitation, authorities have dismantled Kidflix, a major streaming platform for child sexual abuse material (CSAM) that had amassed 1.8 million users worldwide.  The international operation codenamed “Operation Stream,”…

Read more →

Companies evaluate their cybersecurity posture and protect network infrastructure implementations by employing cybersecurity experts to undertake security assessments. The organization may engage penetration testers to conduct offensive attacks against the established security measures for the infrastructure. The company will concurrently…

Read more →

A new sophisticated phishing campaign leveraging QR codes to steal Microsoft 365 login credentials has emerged in the cybersecurity landscape. This attack represents a significant evolution in phishing tactics, combining social engineering with technical sophistication to bypass traditional email security…

Read more →

A newly disclosed vulnerability in WinRAR allows attackers to bypass a core Windows security mechanism, enabling arbitrary code execution on affected systems. Tracked as CVE-2025-31334, this flaw impacts all WinRAR versions before 7.11 and has been assigned a CVSS score…

Read more →

Cybersecurity experts observed the emergence of a concerning trend in which ransomware attacks leveraging malware created with an open-source tool called “Prince Ransomware.” This Go-language builder was freely available on GitHub, significantly lowering the technical barrier for attackers to launch…

Read more →

Two critical vulnerabilities were actively exploited in Cisco Smart Licensing Utility, potentially allowing attackers to gain administrative access to affected systems.  Organizations running vulnerable software versions are urged to apply patches immediately as exploitation attempts continue to increase. According to…

Read more →

The notorious Gootloader malware has reemerged with evolved tactics, now leveraging Google Search advertisements to target users seeking legal document templates. This sophisticated campaign specifically promotes “free” legal templates, primarily non-disclosure agreements, through sponsored search results that appear legitimate to…

Read more →

ChatGPT, the popular AI chatbot developed by OpenAI, experienced a significant outage on April 2, 2025. The outage impacted thousands of users globally and left many users unable to access the service. Users in India, the United States, and other…

Read more →

Outlaw has emerged as a persistent Linux malware that continues to infect systems worldwide despite its relatively unsophisticated techniques. This malware has demonstrated remarkable longevity in the threat landscape by leveraging simple yet effective tactics such as SSH brute-forcing, strategic…

Read more →

Critical security vulnerabilities discovered in a popular WordPress plugin have placed more than 20,000 websites at risk of complete site takeover.  Security researchers identified two high-severity flaws in the WP Ultimate CSV Importer plugin that could allow even low-privileged users…

Read more →

French antitrust regulators have imposed a €150 million ($162.4 million) fine on Apple for abusing its dominant market position through its App Tracking Transparency (ATT) framework, marking the first regulatory penalty specifically targeting this privacy control mechanism. The French Competition…

Read more →

A significant security vulnerability in Google Cloud Platform (GCP) that could have allowed attackers to access private container images stored in Google Artifact Registry and Google Container Registry.  The vulnerability, dubbed “ImageRunner,” has been fixed but highlights a concerning privilege…

Read more →

Mozilla has officially released Firefox 137, addressing multiple high-severity security vulnerabilities that could potentially allow remote attackers to execute arbitrary code, trigger denial of service conditions, or elevate privileges on affected systems.  This critical security update, announced on April 1,…

Read more →

The most common passwords hackers are using in attacks against Remote Desktop Protocol (RDP) services, highlighting critical vulnerabilities in many organizations’ security postures.  The Specops research team analyzed 15 million passwords used in live attacks against RDP ports, revealing that…

Read more →

Web browsing history, a feature designed to enhance user convenience by styling visited links differently, has inadvertently become a privacy vulnerability exploited by attackers.  While this functionality helps users navigate websites by visually distinguishing visited links, it also opens the…

Read more →

Google has launched a new end-to-end encryption (E2EE) model for Gmail enterprise users, marking a significant advancement in email security that allows business customers to send fully encrypted emails to any recipient with minimal technical complexity.  Announced on April 1,…

Read more →

Cybersecurity researchers have discovered a sophisticated new Android malware called “Salvador Stealer” that targets banking credentials and one-time passwords (OTPs) through an elaborate phishing scheme. This multi-stage malware masquerades as legitimate banking applications to trick users into revealing sensitive financial…

Read more →

Google has rolled out a critical security update for Chrome 135 across all desktop platforms. The update addresses fourteen vulnerabilities, including high-severity flaws that could enable remote code execution. The stable channel update (135.0.7049.52 for Linux, 135.0.7049.41/42 for Windows/macOS) comes…

Read more →

Cybersecurity researchers have uncovered a sophisticated new attack method that exploits wireless communication channels to create covert backdoors, enabling threat actors to capture sensitive credentials without detection. This technique, dubbed “Channel Triggered Backdoor Attack,” manipulates subtle variations in wireless signals…

Read more →

A significant surge in cyberattacks targeting enterprise network appliances and remote access tools has put global organizations on high alert.  On March 28, 2025, GreyNoise observed a 300% increase in malicious activity directed at SonicWall firewalls, Zoho ManageEngine platforms, F5…

Read more →

In a concerning development for Linux kernel security, researchers have demonstrated how side-channel leakage in kernel defenses can be exploited to compromise even the latest Linux kernels. The technique, detailed in a USENIX Security paper, reveals how certain kernel defenses…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) released two Industrial Control Systems (ICS) advisories on April 1, 2025, highlighting significant vulnerabilities in critical infrastructure components.  These advisories, ICSA-25-091-01 and ICSA-24-331-04, address security flaws in Rockwell Automation and Hitachi Energy products…

Read more →

Sliver, a multi-platform Command & Control framework written entirely in Go, has gained significant traction in offensive security since its 2020 release. The framework provides red teams with powerful post-exploitation capabilities, but as its user base has expanded, detection has…

Read more →

Python has officially standardized a lock file format with the acceptance of PEP 751 marking a significant milestone for the Python packaging ecosystem. The new format, named pylock.toml, addresses long-standing issues with dependency management by providing a standardized way to…

Read more →

Ransomware has emerged as one of the most devastating cyberthreats facing organizations today, capable of bringing even thriving businesses to their knees within hours. As digital transformation accelerates across sectors, the attack surface for these malicious campaigns continues to expand,…

Read more →

Cybersecurity experts have identified a sophisticated phishing campaign specifically targeting taxpayers through their mobile devices. The attacks leverage the heightened anxiety of last-minute tax filers, creating a perfect storm for cybercriminals looking to harvest sensitive personal and financial information. These…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Apache Tomcat vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation in the wild.  The vulnerability, tracked as CVE-2025-24813, allows remote attackers to execute arbitrary…

Read more →

Cybersecurity researchers identified a sophisticated malware campaign leveraging a new variant of KoiLoader, a modular payload delivery system notorious for distributing information stealers like Koi Stealer. This updated strain employs PowerShell scripts embedded within Windows shortcut (LNK) files to bypass…

Read more →

A sophisticated multi-stage attack where threat actors leverage Microsoft Teams to deliver malicious payloads, establishing persistence and remote access to corporate networks.  This new attack vector exploits Teams’ perceived security as an internal business application, allowing attackers to bypass traditional…

Read more →

A sophisticated cyber espionage campaign attributed to Iranian state-sponsored group APT34 (OilRig) has targeted Iraqi governmental entities and critical infrastructure sectors since late 2024, leveraging new malware variants designed to evade conventional security measures. The group, active since 2012, has…

Read more →

Threat hunting isn’t just a job — it’s an adventure. There’s a thrill in proactively chasing down adversaries who think they’ve outsmarted your defenses. It’s this blend of challenge, creativity, and impact that makes threat hunting not only fun but…

Read more →

A critical security flaw in Kentico Xperience CMS, a widely used enterprise content management system (CMS), has been uncovered. By exploiting a Cross-Site Scripting (XSS) vulnerability, attackers can execute remote code.  This vulnerability, tracked as CVE-2025-2748, affects versions of Kentico…

Read more →

Researchers from Xi’an Jiaotong University have introduced EncGPT, an AI-powered multi-agent framework that dynamically generates encryption and decryption rules. This innovation addresses critical challenges in communication security, balancing cost-efficiency and high-level encryption reliability. EncGPT leverages large language models (LLMs) to…

Read more →

VMware has issued a critical security advisory (VMSA-2025-0006) addressing a high-severity local privilege escalation vulnerability (CVE-2025-22231) in its Aria Operations platform. The flaw, rated 7.8 on the CVSSv3 scale, allows attackers with local administrative access to gain root-level control over…

Read more →

A critical security vulnerability in Plantronics Hub software enables attackers to escalate privileges through an unquoted search path weakness. Affecting versions 3.24.5 through 3.25.2, this vulnerability becomes particularly dangerous when installed alongside OpenScape Fusion for MS Office, which is often…

Read more →

HijackLoader, a sophisticated malware loader initially discovered in 2023, has evolved with new advanced modules designed to evade security detection and analysis. Also known as IDAT Loader and GHOSTPULSE, this modular malware not only delivers second-stage payloads but also employs…

Read more →

A significant data breach has hit Samsung Germany as threat actor “GHNA” has released 270,000 customer support tickets for free on hacking forums.  The breach, which occurred in March 2025, exposes extensive personal and transactional data from Samsung’s German operations…

Read more →

A high-severity security vulnerability (CVE-2025-1449) affecting its Verve Asset Manager product could allow attackers with administrative access to execute arbitrary commands.  The vulnerability, discovered in versions 1.39 and earlier, has been assigned a CVSS Base Score of 9.1 (v3.1), indicating…

Read more →

Penetration testing, also known as ethical hacking, is a critical process in cybersecurity aimed at identifying and addressing vulnerabilities within systems, networks, and applications. By simulating real-world attacks, penetration testing helps organizations uncover weaknesses before malicious actors can exploit them.…

Read more →

Check Point Software Technologies has confirmed a data breach following claims by threat actor CoreInjection on March 30th, 2025, but insists the incident is an “old, known and very pinpointed event” from December 2024 that had already been addressed.  The…

Read more →

Linux Lite 7.4 Final has officially been released and is now available for download. This latest iteration of the lightweight Linux distribution brings several GUI improvements, bug fixes, and code updates while maintaining its focus on user-friendly computing for both…

Read more →

Microsoft has discovered multiple critical vulnerabilities affecting widely used bootloaders including GRUB2, U-Boot, and Barebox. These security flaws potentially expose systems to sophisticated boot-level attacks that could compromise devices before operating systems even initialize, allowing attackers to gain persistent and…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation in the wild.  The flaw, identified as CVE-2024-20439, affects the Cisco Smart Licensing Utility (CSLU)…

Read more →

Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept exploit code.  Based on Shadowserver Foundation’s most recent monitoring data, approximately 1,512 unpatched instances remain vulnerable globally as…

Read more →

Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 that have been actively exploited in sophisticated attacks.  These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, and other platforms.…

Read more →

Researchers have detected an alarming surge in malicious scanning activity targeting Palo Alto Networks’ GlobalProtect VPN portals.  Over a 30-day period, nearly 24,000 unique IP addresses have attempted to access these critical security gateways, suggesting a coordinated effort to probe…

Read more →

The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. Once considered a singular entity, Lazarus has evolved into a network of specialized subgroups with overlapping tactics,…

Read more →

Canon has issued a critical security advisory regarding a severe vulnerability detected in several of its printer drivers that could allow attackers to execute arbitrary code on affected systems.  The flaw, identified as CVE-2025-1268, carries a high-severity CVSS base score…

Read more →

Security researchers have published a detailed technical analysis of a critical remote code execution (RCE) vulnerability (CVE-2023-38408) in OpenSSH’s agent forwarding feature that was disclosed in July 2023. The Qualys Threat Research Unit discovered the vulnerability, which affected all OpenSSH…

Read more →

Three critical bypasses in Ubuntu Linux’s unprivileged user namespace restrictions allow local attackers to escalate privileges and exploit kernel vulnerabilities.  These bypasses affect Ubuntu 23.10 and 24.04 LTS systems, where AppArmor-based protections were introduced to limit namespace misuse.  While not…

Read more →

Dell Technologies has released a critical security update addressing multiple severe vulnerabilities in its Unity enterprise storage systems that could allow attackers to execute arbitrary commands as root, delete critical system files, and perform other malicious activities without authentication.  Security…

Read more →

A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access.  The vulnerability, which affects versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0, received a CVSS score of…

Read more →

The Lazarus Group, a North Korean state-sponsored hacking collective, has launched a new campaign dubbed ClickFake Interview, targeting job seekers in the cryptocurrency industry. This malicious operation uses fake job interview websites to deploy a Go-based backdoor, known as GolangGhost,…

Read more →

The cybersecurity landscape has been disrupted by Earth Alux, a China-linked advanced persistent threat (APT) group actively conducting espionage operations since the second quarter of 2023. Initially targeting the Asia-Pacific region, the group expanded its operations to Latin America by…

Read more →

A critical unauthenticated remote code execution vulnerability (CVE-2024-13804) has been discovered in HPE Insight Cluster Management Utility (CMU) v8.2, enabling attackers to bypass authentication mechanisms and execute commands with root privileges on the backend server. This high-severity vulnerability affects a…

Read more →

Microsoft has taken a decisive step in its latest Windows 11 Insider Preview Build 26200.5516 by removing the bypassnro.cmd script, effectively closing a loophole that allowed users to install Windows 11 without connecting to the internet or signing in with…

Read more →

DarkCloud is a sophisticated stealer malware that emerged in 2022, quickly positioning itself as one of the most prevalent threats in its category. This Windows-targeting malware has evolved significantly to extract sensitive information including browser data, FTP credentials, screenshots, keystrokes,…

Read more →

The notorious Konni RAT (Remote Access Trojan) has evolved to leverage a sophisticated Windows Explorer exploitation technique, enabling attackers to execute multi-stage attacks with enhanced stealth capabilities. This malware, historically linked to North Korean threat actors, has been observed targeting…

Read more →

Recent discoveries have uncovered a concerning trend where threat actors are strategically concealing malicious code within WordPress websites’ mu-plugins directory. This directory is particularly valuable for attackers as it loads automatically with WordPress, making detection and removal more challenging. The…

Read more →

Russian-aligned hacking groups UAC-0050 and UAC-0006 have been observed switching their network infrastructure through bulletproof hosting providers, enabling persistent campaigns against Ukrainian entities and their international allies. These threat actors conducted financially-motivated and espionage operations throughout late 2024 and early…

Read more →

A sophisticated Python-based Remote Access Tool (RAT) named Triton has emerged as a significant threat, utilizing Telegram as its command and control infrastructure. This malware enables attackers to remotely access and control compromised systems, with particular emphasis on harvesting Roblox…

Read more →

Remote monitoring tools are essential for managing and maintaining the health and performance of IT infrastructure and systems. Remote monitoring tools provide continuous oversight of network devices, servers, applications, and other critical components from a remote location. These tools help…

Read more →

A significant cybersecurity breach has been uncovered involving the hacker group known as “Daisy Cloud,” which has exposed more than 30,000 login credentials spanning numerous digital services. The threat actors have been operating a sophisticated credential marketplace on Telegram since…

Read more →

Cybercriminals recently leveraged a fake Zoom installer to deploy BlackSuit ransomware across an enterprise network. The attack began when an unsuspecting victim visited a malicious website mimicking Zoom’s official download page (zoommanager[.]com), where they downloaded what appeared to be a…

Read more →

A critical vulnerability in PHP’s libxml streams has been identified, potentially impacting web applications that rely on the DOM or SimpleXML extensions for HTTP requests. The flaw, tracked as CVE-2025-1219, involves the incorrect handling of the content-type header when a…

Read more →

A newly discovered Android banking malware named TsarBot is targeting over 750 applications globally, including banking, finance, cryptocurrency, and e-commerce platforms. Identified by Cyble Research and Intelligence Labs (CRIL), TsarBot employs sophisticated overlay attacks and phishing techniques to intercept sensitive…

Read more →

A sophisticated social engineering technique known as ClickFix has emerged, leveraging fake CAPTCHA verification processes to deceive users into executing malicious commands. This method exploits the trust users have in CAPTCHA systems, which are typically used to verify human identity…

Read more →

A critical vulnerability in Apache Tomcat has been actively exploited by attackers to achieve remote code execution (RCE) on vulnerable servers. This vulnerability affects versions 9.0.0-M1 to 9.0.98, 10.1.0-M1 to 10.1.34, and 11.0.0-M1 to 11.0.2 and has been resolved in…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing the exploitation of a critical vulnerability in Ivanti Connect Secure devices (CVE-2025-0282). This vulnerability allows attackers to gain unauthorized access and deploy sophisticated malware variants,…

Read more →

The Lotus Blossom Advanced Persistent Threat (APT) group, also known as Lotus Panda, Billbug, and Spring Dragon, has intensified its cyberespionage efforts with new variants of the Sagerunex backdoor. These developments highlight the group’s evolving tactics, including leveraging Windows Management…

Read more →

A new AI-driven offensive security tool, RamiGPT, is known for its ability to autonomously escalate privileges and gain root access to vulnerable systems in under a minute. Developed by GitHub user M507, the tool leverages OpenAI’s API. It integrates proven…

Read more →

Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. A recent investigation revealed 46 new vulnerabilities across three of the…

Read more →

A sophisticated cyber espionage campaign targeting Ukrainian entities has been uncovered, revealing the latest tactics of the Russia-linked Gamaredon threat actor group. The attackers are leveraging weaponized LNK files disguised as Office documents to deliver the Remcos backdoor malware, utilizing…

Read more →

A sophisticated social engineering technique has recently emerged in the cybersecurity landscape, rapidly gaining traction among threat actors seeking to distribute trojans, ransomware, and particularly Quakbot malware. This technique, known as ClickFix Captcha, exploits users’ trust in familiar web elements…

Read more →

In an era where deep learning models increasingly power critical systems from self-driving cars to medical devices, security researchers have unveiled DeBackdoor, an innovative framework designed to detect stealthy backdoor attacks before deployment. Backdoor attacks, among the most effective and…

Read more →

Artificial intelligence has dramatically transformed the cybersecurity landscape, with red team activities increasingly leveraging sophisticated AI-driven techniques to simulate advanced persistent threats. These AI-enhanced red teams can now automate the process of penetrating targets and collecting sensitive data at unprecedented…

Read more →

A sophisticated Python-based Remote Access Trojan (RAT) leveraging Discord as its command and control infrastructure has been identified targeting users worldwide. This malware enables attackers to execute arbitrary system commands, capture screenshots, and most critically, steal saved login credentials from…

Read more →

In a sophisticated cyber espionage campaign recently uncovered, Russian hackers have been impersonating the U.S. Central Intelligence Agency (CIA) and other organizations to harvest sensitive information from Ukrainian sympathizers and potential Russian defectors. The operation utilizes carefully crafted phishing websites…

Read more →

PJobRAT, an Android Remote Access Trojan (RAT) first observed in 2019, has recently resurfaced with enhanced capabilities and a refined targeting strategy. The malware, initially documented targeting Indian military personnel in 2021, has evolved to compromise users in Taiwan through…

Read more →

A sophisticated new data theft malware strain dubbed “SHELBY” has emerged in the cybersecurity landscape, targeting primarily financial institutions and healthcare organizations across North America and Europe. The malware employs a multi-stage infection process that begins with phishing emails containing…

Read more →

A massive website hijacking campaign has been uncovered, affecting approximately 150,000 websites with malicious full-page redirects to Chinese gambling platforms. The attack, which first emerged in February 2025 targeting around 35,000 sites, has rapidly expanded its reach, demonstrating the threat…

Read more →

RansomHub emerged in February 2024, just as Operation Cronos dismantled major ransomware players BlackCat and LockBit. This new ransomware-as-a-service operation quickly attracted affiliates with generous terms—keeping 90% of ransom payments and offering direct wallet transfers. By July 2024, RansomHub had…

Read more →

In a recent discovery, cybersecurity experts have identified renewed activity from FamousSparrow, a China-aligned APT group previously thought to be inactive since 2022. The threat actor has resurfaced with two previously undocumented versions of its signature backdoor, SparrowDoor, targeting organizations…

Read more →

A new ransomware variant known as PlayBoy Locker has emerged, targeting multiple operating systems including Windows, NAS, and ESXi. First discovered in September 2024, this malware initially operated as a Ransomware-as-a-Service (RaaS) platform, offering cybercriminals a versatile tool for their…

Read more →

Hackers have launched sophisticated attacks targeting MailChimp, one of the most widely used email marketing platforms. These attacks leverage advanced phishing techniques and social engineering tactics to gain unauthorized access to corporate MailChimp accounts, potentially exposing sensitive subscriber data and…

Read more →

A new ransomware strain has been discovered targeting virtualized environments, specifically Microsoft Hyper-V servers. This targeted approach marks a significant evolution in ransomware tactics, as the malware focuses exclusively on hypervisors rather than encrypting all endpoint devices, creating maximum damage…

Read more →