CISA announced an eleventh-hour contract extension with MITRE Corporation to maintain the Common Vulnerabilities and Exposures (CVE) program, narrowly avoiding a lapse in federal funding […]
PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability
A critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH…
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Microsoft on Monday announced that it has moved the Microsoft…
Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation
A newly discovered vulnerability in the Windows Update Stack, tracked…
WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests
Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress…
Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick
A critical vulnerability in SSL.com’s domain validation process allowed unauthorized…
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan The original article found on The Hacker News Read More
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Microsoft on Monday announced that it has moved the Microsoft…
PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability
A critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH…
Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick
A critical vulnerability in SSL.com’s domain validation process allowed unauthorized…
WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests
Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress…
Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation
A newly discovered vulnerability in the Windows Update Stack, tracked…
Security Awareness Metrics That Matter to the CISO
Security awareness has become a critical component of organizational defense…
Cybercriminals Exploit EC2 Instance Metadata Vulnerability to Launch Attacks on Hosted Websites
Cybercriminals have launched a sophisticated campaign targeting websites hosted on…
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
The latest Palo Alto Networks Unit 42 Cloud Threat Report…
The Identities Behind AI Agents: A Deep Dive Into AI & NHI
AI agents have rapidly evolved from experimental technology to essential…
OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
A new malware campaign has been observed leveraging social engineering…
Researchers Expose Medusa Ransomware Group’s Onion Site
Researchers have successfully infiltrated the digital fortress of one of the most prolific ransomware groups, Medusa Locker. Known for targeting critical sectors like healthcare, education, […]
Interlock Ransomware Uses Multi-Stage Attack Through Legitimate Websites to Deliver Malicious Browser Updates
The Interlock ransomware intrusion set has escalated its operations across North America and Europe with sophisticated techniques. Not falling under the typical Ransomware-as-a-Service (RaaS) category, […]
Beware! Online PDF Converters Tricking Users into Installing Password-Stealing Malware
CloudSEK’s Security Research team, a sophisticated cyberattack leveraging malicious online PDF converters has been demonstrated to target individuals and organizations globally. This attack, previously hinted […]
AI-Powered Bad Bots Account for 51% of Traffic, Surpassing Human Traffic for the First Time
Automated traffic generated by bad bots has for the first time surpassed human activity, accounting for 51% of all internet traffic in 2024, according to […]
Hackers Weaponize Gamma Tool Through Cloudflare Turnstile to Steal Microsoft Credentials
Cybercriminals are exploiting an AI-powered presentation tool called Gamma to launch a multi-stage attack aimed at stealing Microsoft credentials. This attack route is designed not […]
Active Directory Recovery Can’t Be an Afterthought
Active Directory is one of the most vulnerable access points in an organization’s IT environment. Companies cannot wait for a real attack to pressure-test their […]
Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024
Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems […]
SquareX to Reveal Critical Data Splicing Attack at BSides SF, Exposing Major DLP Vulnerability
SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled “Data Splicing Attacks: Breaking Enterprise DLP from the […]
Landmark Admin Suffers Major Breach, Exposing Data of 1.6M+ Users
Landmark Admin, LLC (“Landmark”), a Texas-based third-party administrator for life insurance carriers, has confirmed that a cyberattack compromised sensitive personal data belonging to more than […]