​Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability… Read More »Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

​As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. “DroidBot is a modern… Read More »This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

​A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and… Read More »Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor

​Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security… Read More »Want to Grow Vulnerability Management into Exposure Management? Start Here!

​A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity… Read More »Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

​The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign… Read More »ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

​The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing… Read More »CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

​The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime… Read More »NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions

​The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group… Read More »Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities

​Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud’s flexibility, scalability, and efficiency come with significant risk… Read More »7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments