The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, […]
Cybercriminals Clone CNN, BBC, and CNBC Sites to Lure Victims into Investment Fraud
Researchers have unveiled a sprawling cybercrime syndicate orchestrating an elaborate phishing and investment fraud campaign by cloning legitimate news outlets such as CNN, BBC, CNBC, […]
NCC Advises Immediate Windows 11 Upgrade to Strengthen Cyberattack Defenses
The National Cyber Security Centre (NCSC) has unveiled its latest recommended configuration packs for Microsoft Windows operating systems, designed to streamline the deployment of baseline […]
AI poisoning and the CISO’s crisis of trust
In May 2025, the NSA, CISA, and FBI issued a joint bulletin authored with the cooperation of the governments of Australia, New Zealand, and the […]
How defenders use the dark web
The term “dark web” may paint a picture in our head of threat actors lurking underground, on the shrouded parts of the internet where illicit […]
ImageMagick Vulnerability Enables RCE via Malicious File Name Patterns
A critical vulnerability in ImageMagick’s image processing library has been disclosed, enabling remote code execution through carefully crafted filename templates. Tracked as CVE-2025-53101, the flaw […]
CBI Uncovers Noida Tech Support Scam Targeting Victims in UK and Australia
The Central Bureau of Investigation (CBI) has made a major breakthrough in Operation Chakra-V by taking down a sophisticated global cybercrime network that was primarily […]
PoC Released for High-Severity Git CLI Vulnerability Allowing Arbitrary File Writes
A critical vulnerability in Git’s command-line interface has been disclosed with public proof-of-concept exploits available, allowing arbitrary file writes and remote code execution on Linux […]
Government Organizations Targeted via AWS Lambda URL Endpoint Exploits
Unit 42 researchers from Palo Alto Networks have been monitoring a sophisticated threat cluster designated CL-STA-1020, which has been systematically targeting governmental entities across Southeast […]
Red Bull-Themed Phishing Attacks Target Job Seekers’ Credentials
A few significant investments in email filtering, authentication procedures, and endpoint protection, attackers are constantly improving their techniques to circumvent automated security measures in a […]