​Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) scam. “While the… Read More »Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

​Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised. “When… Read More »Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager

​A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, including Amazon S3 buckets and Microsoft Azure endpoints, by leveraging misconfigurations in the… Read More »Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery

​An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data,… Read More »100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

​Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services,… Read More »AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

​High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. “The attackers used spear… Read More »South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware

​In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use… Read More »The Crowded Battle: Key Insights from the 2025 State of Pentesting Report

​Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake. ESET,… Read More »Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

​Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. “RedisRaider aggressively… Read More »Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse

​Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All… Read More »Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts