Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in… Read More »Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as… Read More »ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Cybersecurity researchers are warning of a “widespread and ongoing” SMS phishing campaign that’s been targeting toll road users in the United States for financial theft since mid-October 2024. “The toll… Read More »Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. “Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass… Read More »Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated… Read More »[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting… Read More »Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation… Read More »CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the… Read More »Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as… Read More »Artificial Intelligence – What’s all the fuss?
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late… Read More »State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns