Your blog category
Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time… Read More »⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems… Read More »Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility… Read More »Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an “exploit shotgun”… Read More »Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face… Read More »Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts. “Threat actors leveraged compromised… Read More »New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs
Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data. The vulnerability, tracked… Read More »New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
Cybersecurity company Huntress on Friday warned of “widespread compromise” of SonicWall SSL VPN devices to access multiple customer environments. “Threat actors are authenticating into multiple accounts rapidly across compromised devices,”… Read More »Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is… Read More »Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. “Storm-2657 is actively targeting a range of… Read More »Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries