Your blog category
For the first time in 2025, Microsoft’s Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known. The… Read More »Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app… Read More »Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute… Read More »Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise,… Read More »Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50… Read More »BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally
Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet… Read More »RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about…… Read More »5 Ways Identity-based Attacks Are Breaching Retail
Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky, has been active since… Read More »Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The… Read More »CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization (SEO) poisoning techniques to deliver a known malware loader called Oyster (aka Broomstick or CleanUpLoader). The malvertising activity,… Read More »SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools