Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. “This campaign employs an AitM… Read More »Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks
A 59-year-old U.S. citizen who immigrated from the People’s Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the… Read More »U.S. Citizen Sentenced for Spying on Behalf of China’s Intelligence Agency
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated… Read More »Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of… Read More »The Future of Serverless Security in 2025: From Logs to Runtime Protection
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and… Read More »XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. “Cybercriminals have… Read More »Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware
U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed. These… Read More »U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a… Read More »Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first… Read More »Latest Multi-Stage Attack Scenarios with Real-World Examples
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go… Read More »Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels