Threat actors are increasingly exploiting the trust users place in sponsored search results on platforms like Google to orchestrate sophisticated scams. These malicious entities craft […]
Mocha Manakin Uses Paste-and-Run Technique to Deceive Users into Downloading Malware
A malicious campaign tracked as Mocha Manakin has been identified employing the deceptive “paste-and-run” technique to trick unsuspecting users into executing harmful scripts. First observed […]
Threat Actors Exploit Vercel Hosting Platform to Distribute Remote Access Malware
CyberArmor has uncovered a sophisticated phishing campaign exploiting Vercel, a widely used frontend hosting platform, to distribute a malicious variant of LogMeIn, a legitimate remote […]
Insomnia API Client Vulnerability Enables Arbitrary Code Execution via Template Injection
A severe security vulnerability in the Insomnia API Client, a widely used tool by developers and security testers for interacting with APIs, has been uncovered […]
Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, […]
PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection
A recent threat hunting session has revealed a sophisticated PowerShell script, named y1.ps1, hosted in an open directory on a Chinese server (IP: 123.207.215.76). First […]
TxTag Phishing Campaign Exploits .gov Domain to Deceive Employees
A new and alarming phishing campaign has surfaced, leveraging the credibility of a .gov domain to deceive employees into believing they owe unpaid tolls. Identified […]
How Cyber Warfare Changes the Face of Geopolitical Conflict
As geopolitical tensions rise, the use of cyber operations and hacktivists continues to grow, with the current conflict between Israel and Iran showing the new […]
Telecom Giant Viasat Is Latest Salt Typhoon Victim
The communications company shared the discoveries of its investigation with government partners, but there is little information they can publicly disclose other than that there […]
Azure Misconfiguration Lets Attackers Take Over Cloud Infrastructure
A recent security analysis has revealed how a chain of misconfigurations in Microsoft Azure can allow attackers to gain complete control over an organization’s cloud […]