A chilling new Android malware, dubbed GhostSpy, has emerged as a significant threat to mobile security, according to a detailed report by CYFIRMA. This high-risk […]
Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents
The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates as an initial payload. The […]
Hackers Exploit HTTP/2 Flaw to Launch Arbitrary Cross-Site Scripting Attacks
A groundbreaking study from Tsinghua University and Zhongguancun Laboratory has uncovered critical vulnerabilities in modern web infrastructure, revealing that HTTP/2 server push and Signed HTTP […]
Arm Mali GPU Vulnerability Enables Bypass of MTE and Arbitrary Kernel Code Execution
A critical vulnerability, identified as CVE-2025-0072, has been discovered in the Arm Mali GPU driver, posing a significant threat to devices with newer Mali GPUs […]
How CISOs can defend against Scattered Spider ransomware attacks
The UK’s Marks & Spencer suffered a cyberattack in late April that damaged the high-end retailer’s operations and is expected to cost the company over […]
How Google Meet Pages Are Exploited to Deliver PowerShell Malware
A new wave of cyberattacks exploits user trust in Google Meet by deploying meticulously crafted fake meeting pages that trick victims into running malicious PowerShell […]
Critical GitHub MCP Server Vulnerability Allows Unauthorized Access to Private Repositories
A critical vulnerability in the widely-used GitHub MCP integration, boasting over 14,000 stars on GitHub, has been uncovered by Invariant Labs, posing a severe risk […]
Diese Social-Engineering-Trends sollten Sie kennen
Beim Social Engineering nutzen Cyberkriminelle menschliches Verhalten für ihre Zwecke aus. Dabei lassen sich folgende Trends beobachten. Agor2012 – shutterstock.com Anstatt auf fortschrittliche Tools oder […]
Threat Actors Deploy Database Client Tools on Targeted Systems to Exfiltrate Sensitive Data
Cybersecurity experts have noted an increase in data breaches where threat actors are directly querying internal databases to steal sensitive information. Unlike traditional malware-based attacks, […]
60 Malicious npm Packages Exfiltrate Hostnames, IP Addresses, and DNS Server Details
A Socket’s Threat Research Team has revealed a sophisticated and ongoing campaign targeting the npm ecosystem, involving 60 malicious packages published under three distinct accounts: […]