A new form of phishing attack is making waves among job seekers, as cybercriminals exploit WhatsApp and Meta’s trusted branding to lure victims into sophisticated […]
‘Cookie Bite’ Entra ID Attack Exposes Microsoft 365
A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens…
Hackers Exploit Cloudflare Tunnel Infrastructure to Deploy Multiple Remote Access Trojans
The Sekoia TDR (Threat Detection & Research) team has reported…
Threat Actors Leverage npm and PyPI with Impersonated Dev Tools for Credential Theft
The Socket Threat Research Team has unearthed a trio of…
Hackers Exploit Legitimate Microsoft Utility to Deliver Malicious DLL Payload
Hackers are now exploiting a legitimate Microsoft utility, mavinject.exe, to…
Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs
Small and midsized businesses (SMBs) continue to be prime targets…
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan The original article found on The Hacker News Read More
Hackers Exploit Cloudflare Tunnel Infrastructure to Deploy Multiple Remote Access Trojans
The Sekoia TDR (Threat Detection & Research) team has reported…
‘Cookie Bite’ Entra ID Attack Exposes Microsoft 365
A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens…
Threat Actors Leverage npm and PyPI with Impersonated Dev Tools for Credential Theft
The Socket Threat Research Team has unearthed a trio of…
DeepSeek Breach Opens Floodgates to Dark Web
The incident should serve as a critical wake-up call. The…
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud…
Managing Burnout in the SOC – What CISOs Can Do
The Security Operations Center (SOC) is the nerve center of…
With AI’s Help, Bad Bots Are Taking Over the Web
Bad bots are becoming increasingly difficult to detect as they…
Windows CLFS Zero-Day Vulnerability Actively Exploited by Ransomware Group
A critical zero-day vulnerability in the Windows Common Log File…
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
Ivanti has disclosed details of a now-patched critical security vulnerability…
FCC Investigates China-Backed Tech Suppliers for Evading US Operations Ban
FCC chairman warns these companies may still be operating in…
10 Best Email Security Solutions in 2025
Email security solutions are critical for protecting organizations from the growing sophistication of cyber threats targeting email communication. As email remains a primary channel for […]
CISA Issues 9 New ICS Advisories Addressing Critical Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released nine new advisories detailing severe vulnerabilities in widely-used Industrial Control Systems (ICS) products. These advisories, […]
Malicious Macros Return in Sophisticated Phishing Campaigns
The cybersecurity landscape of 2025 is witnessing a troubling resurgence of malicious macros in phishing campaigns. Despite years of advancements in security measures and Microsoft’s […]
“Living-off-the-Land Techniques” How Malware Families Evade Detection
Living-off-the-Land (LOTL) attacks have become a cornerstone of modern cyber threats, allowing malware to evade detection by leveraging legitimate system tools and processes. Rather than […]
Chinese UNC5174 Group Expands Arsenal with New Open Source Tool and C2 Infrastructure
The Sysdig Threat Research Team (TRT) has revealed a significant evolution in the offensive capabilities of the Chinese state-sponsored threat actor, UNC5174. In late January […]
SOC Alert Fatigue Hits Peak Levels As Teams Battle Notification Overload
Security Operations Centers (SOCs) are facing a mounting crisis: alert fatigue. As cyber threats multiply and security tools proliferate, SOC teams are inundated with thousands […]
Oracle Issues Patch for 378 Vulnerabilities in Major Security Rollout
Oracle Corporation has released a sweeping Critical Patch Update (CPU) for April 2025, addressing a staggering 378 security vulnerabilities across a wide array of its […]
Hackers Exploit Node.js to Spread Malware and Exfiltrate Data
Threat actors are increasingly targeting Node.js—a staple tool for modern web developers—to launch sophisticated malware campaigns aimed at data theft and system compromise. Microsoft Defender […]
U.S. Govt. Funding for MITRE’s CVE Ends April 16, Cybersecurity Community on Alert
The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented […]