-
CISA Issues Alert on ControlID iDSecure Flaws Enabling Bypass Authentication
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding critical vulnerabilities in ControlID’s iDSecure On-premises software,…
Read More » -
Chollima Hackers Target Windows and MacOS with New GolangGhost RAT Malware
A North Korean-affiliated threat actor called Famous Chollima (also known as Wagemole) has launched a sophisticated remote access trojan (RAT)…
Read More » -
New Sorillus RAT Targets European Organizations Through Tunneling Services
An important development discovered in March 2025 by Orange Cyberdefense’s Managed Threat Detection teams in Belgium was that a European…
Read More » -
Hackers Target and Hijack Washington Post Journalists’ Email Accounts
A targeted cyberattack has struck The Washington Post, compromising the email accounts of several of its journalists and raising new…
Read More » -
Developers Beware – Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack Tokens
A sophisticated and increasing wave of cyberattacks now targets software developers through a little-known yet legitimate GitHub feature: the OAuth…
Read More » -
Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale
Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation…
Read More » -
Interpol Dismantles 20,000 Malicious IPs and Domains Tied to 69 Malware Variants
INTERPOL’s Operation Secure has seen the takedown of more than 20,000 malicious IP addresses and domains associated with infostealer malware.…
Read More » -
Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers
Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025…
Read More » -
Microsoft Windows WebDAV 0-Day RCE Vulnerability Actively Exploited in The Wild
A critical zero-day vulnerability in Microsoft Windows, designated CVE-2025-33053, has been actively exploited by the advanced persistent threat (APT) group…
Read More » -
Hundreds of Malicious GitHub Repos Targeting Novice Cybercriminals Traced to Single User
Sophos X-Ops researchers have identified over 140 GitHub repositories laced with malicious backdoors, orchestrated by a single threat actor associated…
Read More » -
Iranian APT ‘BladedFeline’ Remains Hidden in Networks for 8 Years
ESET researchers have uncovered the persistent activities of BladedFeline, an Iranian-aligned Advanced Persistent Threat (APT) group, which has maintained covert…
Read More » -
Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks
Microsoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone…
Read More » -
Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials
Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by the notorious hacker group Storm-1575,…
Read More » -
PureHVNC RAT Uses Fake Job Offers and PowerShell to Evade Security Defenses
A new and highly evasive malware campaign delivering the PureHVNC Remote Access Trojan (RAT) has been identified by Netskope Threat…
Read More » -
Threat Actors Exploit Nifty[.]com Infrastructure in Sophisticated Phishing Attack
Threat actors have orchestrated a multi-wave phishing campaign between April and May 2025, leveraging the legitimate infrastructure of Nifty[.]com, a…
Read More »