CISA Identifies Craft CMS Weakness CVE-2025-23209 During Ongoing Breaches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has registered a significant security loophole affecting the Craft content management system...
been
Cyber offenders Utilize Eclipse Jarsigner to Launch XLoader Malware through ZIP Archives
An attack distributing the XLoader malware has been detected using the DLL side-loading method through a valid tool linked to...
Ending Support by Microsoft for Exchange 2016 and 2019: Essential Actions for IT Crews
For many years, Microsoft Exchange has served as the foundation of corporate communications, fueling electronic correspondence, calendaring, and teamwork for...
Signal’s Connection Feature Abused by Cybercriminals to Take Control of Accounts Using Fake QR Codes
There have been reports of several threat actors associated with Russia targeting specific individuals through the secure messaging platform Signal...
Latest OpenSSH Vulnerabilities Allow Man-in-the-Center and Disruption Attacks — Act Now
Two security weaknesses have been found in the OpenSSH secure communication toolset that, if effectively taken advantage of, might lead...
MAVInject.exe Usage by Chinese Cybercriminals to Bypass Detection in Specific Digital Assaults
Mustang Panda, a hacking group supported by the Chinese government, has been caught using an innovative method to outsmart detection...
APT41 Aims at Japanese Companies in RevivalStone Cyber Espionage Operation
Winnti, the threat group associated with China, has been linked to a fresh operation called RevivalStone that focused on Japanese...
The Latest Vulnerabilities in Xerox Printer May Enable Hackers to Obtain Windows Active Directory Credentials
A recent disclosure has revealed security flaws in Xerox VersaLink C7025 Multifunction printers (MFPs) that might enable threat actors to...
Targeted Developer Attacks: Lazarus Group Utilizes Marstech1 JavaScript Implant
Marstech1, an undisclosed JavaScript implant, has been deployed by the notorious Lazarus Group in malicious activities aimed at developers. SecurityScorecard...
Microsoft: Russian-Affiliated Cybercriminals Employing ‘Device Code Phishing’ to Seize Accounts
In reference to a recent development, Microsoft is highlighting a fresh menace cluster dubbed Storm-2372, which has been linked to...
RansomHub Emerges as the Leading Ransomware Gang of 2024, Striking 600+ Businesses Worldwide
The criminal groups responsible for the RansomHub ransomware-as-a-service (RaaS) platform have been seen exploiting recently fixed vulnerabilities in Microsoft Active...
Hackers Exploit CAPTCHA Technique to Circumvent Security Scanners in Webflow CDN PDFs
There has been a wide-ranging phishing scheme detected that is utilizing fake PDF files stored on the Webflow content distribution...
PowerShell and Dropbox Utilized by North Korean APT43 in Focused Cyberattacks on South Korea
An affiliated threat entity connected to North Korea has been identified in an active operation aimed at South Korean enterprises,...
Microsoft Reveals Worldwide Cyber Assaults by Sandworm Faction Reaching More than 15 Countries
An offshoot inside the notorious Russian government-backed hacking collective recognized as Sandworm has been linked to a prolonged initial infiltration...
A New Cyberattack Sees North Korean Cybercriminals Utilize PowerShell Technique to Seize Control of Devices
There has been a discovery of a novel method employed by the group associated with North Korea - Kimsuky, in...
