Unauthorized Access to Employee Communications by ToddyCat APT in Targeted Firms
ToddyCat APT attack - APT group ToddyCat has continued advancing its espionage operations, targeting corporate email systems and internal.| Cyber Security News
.png)
Critical HPE Insight Remote Support Vulnerabilities Enables Remote Code Execution
Hewlett Packard Enterprise (HPE) has issued a critical security bulletin disclosing three vulnerabilities in its Insight Remote Support (IRS) software.| Cyber Security News
%20(1).webp)
HPE Alletra and Nimble Storage Vulnerability Allows Remote Attackers to Gain Admin Access
The flaw, tracked as CVE-2026-23594, could allow a remote attacker with low-level access to gain full administrative control on affected systems.| Cyber Security News
%20(1).webp)
ConsentFix Attack Lets Hackers Take Over Microsoft Accounts via Azure CLI
The attack bypasses both password requirements and multi-factor authentication (MFA) protections, representing a dangerous evolution in cloud-focused threat tactics.| Cyber Security News
NATO Research Sectors Targeted by Russian Calisto Hackers Using ClickFix Code
NATO Research Sectors - A recent investigation by Sekoia.io’s Threat Detection & Response (TDR) team has revealed a new wave of spear.| Cyber Security News
Threat Actors Exploiting Cloudflare Workers for Sophisticated Phishing Attacks
Researchers observed a rise in such activity in 2023, with the number of targeted users reaching a peak in Q4.| Cyber Security News
%20(1).webp)
Hackers Moving to “Living Off the Land” Techniques to Attack Windows Systems Bypassing EDR
This shift in tactics, known as "Living Off the Land," poses a significant challenge for organizations trying to protect their systems.| Cyber Security News
%20(1).webp)
Angular HTTP Client Vulnerability Exposes XSRF Token to Attacker-Controlled Domains
The flaw, tracked as CVE-2025-66035, has been assigned a High severity rating with a CVSS v4 score of 7.5.| Cyber Security News
%20(1).webp)
Apache SkyWalking Vulnerability Lets Attackers Expose Users to XSS Attacks
The flaw, catalogued as CVE-2025-54057, affects all versions of SkyWalking up to and including 10.2.0, raising significant concerns for organizations that rely on this monitoring solution.| Cyber Security News
North Korean Cyber Actors Exploit IT and Crypto Channels to Bypass UN Sanctions
North Korean Cyber Actors - A new report from the Multilateral Sanctions Monitoring Team (MSMT) warns that North Korea has built.| Cyber Security News
Threat Actors Target Black Friday Shoppers Amid Surge of 2M+ Attacks
Black Friday cyber attacks - Cybercriminals are intensifying their efforts during Black Friday 2025, capitalizing on the unprecedented growth| Cyber Security News
%20(1)%20(1).webp)
Clop Ransomware Allegedly Breached Broadcom via E-Business Suite 0-Day Hack
According to threat intelligence sources, the attackers exploited an unpatched zero-day vulnerability in Oracle E-Business Suite to gain initial access to the company's systems.| Cyber Security News
Massive Phishing Campaign Unleashes Multiple Malware
Attackers leveraged compromised infrastructure for email distribution, malware hosting, and data exfiltration, underscoring the ongoing threat to these organizations.| Cyber Security News
Surge in Threat Actor Exploits Signals Emergence of New Cyber Vulnerabilities
Cybersecurity researchers at GreyNoise have uncovered a significant pattern that could revolutionize how organizations prepare for emerging threats.| Cyber Security News
AitM Phishing Campaigns Target Microsoft 365 And Google Accounts To Steal Credentials
Adversary-in-the-Middle (AitM) phishing attacks have rapidly escalated in both scale and sophistication, posing a significant threat.| Cyber Security News
.webp)
Microsoft Announced Mandatory Multi-factor Authentication for Azure Sign-in
Microsoft mandates multi-factor authentication (MFA) for all Azure sign-ins in response to escalating cyber threats.| Cyber Security News
Microsoft Unveils Advanced Defense Techniques Against Evolving AiTM Attacks
Microsoft has rolled out a comprehensive set of security enhancements aimed at countering the surge in AiTM phishing attacks.| Cyber Security News
Cl0p Ransomware Conceals Itself on Compromised Networks After Data Exfiltration
In a recent wave of cyberattacks, the Cl0p ransomware group has demonstrated its ability to exploit vulnerabilities in widely used file transfer software.| Cyber Security News
.webp)
IDA 9.0 Released: Exciting New Features in Reverse Engineering
IDA licensing has undergone significant changes, as licenses are now platform-agnostic, allowing them to be used across Windows, Linux, and macOS.| Cyber Security News
Dell Recover Point for Virtual Machines Vulnerabilities Allows Privilege Escalation
Dell Technologies has issued a security advisory regarding multiple vulnerabilities in its RecoverPoint for Virtual Machines (RP4VM) software.| Cyber Security News
Hackers Trick Users Into Running Malicious PowerShell Commands as Admin on Windows
Microsoft Threat Intelligence has uncovered a novel cyberattack strategy employed by the North Korean state-sponsored hacking group Emerald Sleet.| Cyber Security News
%20(1).webp)
Open Directory Found Hosting Mimikatz Executables Sparks Security Concerns
The directory, located at https://server.xcode.co.id/files/mimikatz/Win32/, has raised sconcerns about potential misuse by malicious actors.| Cyber Security News
Ransomware Gangs Exploit Azure Storage Explorer to Steal Sensitive Data
Recent investigations have revealed that ransomware groups like BianLian and Rhysida are using Azure Storage Explorer to steal sensitive data| Cyber Security News
%20(1).webp?w=1600&resize=1600,900&ssl=1)
Microsoft Releases February 2025 Patch Tuesday Update Addressing 61 Vulnerabilities
The update includes fixes for 25 critical RCE vulnerabilities, three of which are zero-day vulnerabilities actively exploited in the wild.| Cyber Security News
%20(1).webp)
FOG Ransomware Group Leaks Source Code of Three French Organizations
The victims, all based in France, include Omydoo, Ayomi.fr, and ADULLACT, marking a significant escalation in their cyber extortion campaign.| Cyber Security News
%20(1).webp?w=1600&resize=1600,900&ssl=1)
Data Breach in Indonesia Exposes 7.5 Million Records
The breach underscores persistent vulnerabilities in the nation’s cybersecurity infrastructure and raises pressing concerns about data protection.| Cyber Security News
New Phishing Exploit Webflow CDN & CAPTCHAs to Steal Credit Card Data
Netskope Threat Labs has uncovered a widespread phishing campaign that leverages Webflow's Content Delivery Network (CDN) and SEO.| Cyber Security News
Security Risks Emerge with Windows 11’s New Compression Formats in libarchive
In October 2023, Microsoft introduced native support for 11 additional compression formats in Windows 11 through the KB5031455 update.| Cyber Security News
BBTok Hackers Target Organizations with PowerShell, Python, & dnlib
A C#-based malware loader, Trammy.dll, obfuscated with ConfuserEx, is part of a complex infection chain initiated by an ISO image email.| Cyber Security News
IllusionCAPTCHA: Strengthening Security Against AI-Driven CAPTCHA Breaches
IllusionCAPTCHA capitalizes on the human brain's unique ability to interpret visual discrepancies, creating tasks that are intuitive for humans but perplexing for AI.| Cyber Security News
APT37 hackers Abusing Group Chats to Attack Via Malicious LNK File
A surge in Advanced Persistent Threat (APT) attacks has been witnessed in Korea, with notable exploitation of malicious Hancom Office (HWP) and LNK files.| Cyber Security News
%20(1)%20(1).webp)
Akira Ransomware Group Strikes Again
This marks yet another chapter in the group's ongoing campaign of digital extortion and data breaches.| Cyber Security News
%20(1).webp)
DragonForce Ransomware Strikes O&S Engineers & Architects
This incident underscores the growing threat of ransomware targeting architecture and engineering (A&E) firms.| Cyber Security News
Stopping Attackers From Hard-Deleting Entra ID Accounts Through Protected Actions
Microsoft Entra ID has introduced a robust security mechanism called protected actions, aimed at preventing attackers from permanently deleting user accounts.| Cyber Security News
SolarWinds Web Help Desk Vulnerability Exposes Sensitive Data Through Weak Cryptographic Key Management
A critical vulnerability in SolarWinds' Web Help Desk (WHD) software has been identified, allowing remote, unauthenticated attackers to exploit hardcoded credentials embedded in the system.| Cyber Security News
.webp)
Beyond the Horizon: Evaluating the Feasibility of Single-Bit Fault Injection Attacks
The pursuit of single-bit fault injection attacks has long been regarded as a challenging frontier in hardware security.| Cyber Security News
Critical Vulnerability in Satellite Weather Software Enables Remote Code Execution
A critical security vulnerability, identified as CVE-2025-1077, has been disclosed in IBL Software Engineering's Visual Weather software and its derived products.| Cyber Security News
%20(1).webp)
Hammond Trucking & Excavation Inc. Targeted by RHYSIDA Ransomware
The incident underscores the growing threat posed by this ransomware group, which has targeted various industries worldwide.| Cyber Security News
EARLYCROW: Advanced Detection of APT Malware C&C Communications Over HTTPS
The EarlyCrow system introduces a groundbreaking approach to detecting Advanced Persistent Threat (APT) malware command and control (C&C) communications.| Cyber Security News