Your blog category
Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score… Read More »Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, “aside from standard RAT functionality, change… Read More »North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense… Read More »Network Threats: A Step-by-Step Attack Demonstration
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions… Read More »DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributing it… Read More »State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox… Read More »Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny
Cybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop… Read More »Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary… Read More »U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users’ keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of… Read More »Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting… Read More »eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners