The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, […]
Writing Effective Detection Rules With Sigma, YARA, And Suricata
In the ever-evolving world of cybersecurity, the ability to detect…
How To Conduct End-to-End Forensics From Compromised Endpoint To Network Pivot
The discovery of a compromised endpoint in an organization’s network…
Building A Threat Detection Pipeline Using WAF Logs And External Intel Feeds
Organizations today face an ever-expanding threat landscape that requires sophisticated…
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
The Russian state-sponsored threat actor known as APT29 has been…
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Cybersecurity researchers have uncovered three malicious packages in the npm…
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan ​The original article found on The Hacker News Read More
Building A Threat Detection Pipeline Using WAF Logs And External Intel Feeds
Organizations today face an ever-expanding threat landscape that requires sophisticated…
How To Conduct End-to-End Forensics From Compromised Endpoint To Network Pivot
The discovery of a compromised endpoint in an organization’s network…
Writing Effective Detection Rules With Sigma, YARA, And Suricata
In the ever-evolving world of cybersecurity, the ability to detect…
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
The Russian state-sponsored threat actor known as APT29 has been…
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Cybersecurity researchers have uncovered three malicious packages in the npm…
AWS Systems Manager Plugin Vulnerability Let Attackers Execute Arbitrary Code
A critical vulnerability in the AWS Systems Manager (SSM) Agent…
Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
Taiwanese company Moxa has released a security update to address…
HP Brings Quantum-Safe Encryption to Printers
HP's 8000 Series enterprise and commercial printers, which include Color…
How To Hunt Web And Network-Based Threats From Packet Capture To Payload
Modern cyberattacks increasingly exploit network protocols and web applications to…
Ransomware Developer Extradited, Admits Working for LockBit
Law enforcement discovered admin credentials on the suspect's computer for…
Managing Burnout in the SOC – What CISOs Can Do
The Security Operations Center (SOC) is the nerve center of modern cybersecurity, responsible for detecting, analyzing, and responding to threats 24/7. However, the relentless pace, […]
CVE Program Cuts Send the Cyber Sector Into Panic Mode
After threatening to slash support for the CVE program, CISA threw MITRE a lifeline at the last minute — extending its government contract for another […]
Model Context Protocol Flaw Allows Attackers to Compromise Victim Systems
A critical vulnerability in the widely adopted Model Context Protocol (MCP), an open standard for integrating generative AI (GenAI) tools with external systems, has exposed […]
Cybersecurity by Design: When Humans Meet Technology
If security tools are challenging to use, people will look for workarounds to get around the restrictions. ​The original article found on darkreading Read More
Artificial Intelligence – What’s all the fuss?
Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically […]
State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over […]
3 Security Decisions That Could Make or Break Your Career This Year
In today’s rapidly evolving digital landscape, security has transcended from being a technical concern to a strategic leadership imperative. As cyber threats become more sophisticated […]
Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers
Researchers have unearthed details of the Pterodo malware family, notably the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group, which is believed […]
Weaponized Amazon Gift Cards Used to Steal Microsoft Credentials
Cybercriminals are exploiting the trust in e-gift cards and the prestige of Amazon to steal Microsoft credentials from unsuspecting employees. The attack begins with an […]