The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that… Read More »Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts. The activity has… Read More »DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community – all free… Read More »How To Automate Ticket Creation, Device Identification and Threat Triage With Tines
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the… Read More »U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American… Read More »Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks
For the first time in 2025, Microsoft’s Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known. The… Read More »Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app… Read More »Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute… Read More »Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise,… Read More »Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50… Read More »BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally