phishing
-
Critical Deserialization Flaw in Microsoft SharePoint Server Added to CISA KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has formally recognized a significant security threat by adding CVE-2026-45659 to its Known…
Read More » -
Technical Breakdown: The De-anonymization Vulnerability in Apple’s Hide My Email
Apple’s Hide My Email, a cornerstone of the iCloud+ privacy suite, is currently facing a critical architectural flaw that threatens…
Read More » -
Deep Dive: Mustang Panda’s Multi-Stage Espionage Campaigns Against Indian Infrastructure
Recent intelligence from Acronis Threat Response Unit (TRU) has uncovered two highly sophisticated, concurrent espionage campaigns attributed to the threat…
Read More » -
Digital Repression: How Russian Authorities Breached an Activist’s iPhone
A technical investigation into the digital footprint of detained human rights activist Andrey Pivovarov has uncovered evidence that Russian state…
Read More » -
Technical Analysis: Sophisticated AiTM Phishing Campaign Targeting AWS Console Users
A highly coordinated and technically proficient phishing campaign has been identified, specifically targeting AWS console users through an Adversary-in-the-Middle (AiTM)…
Read More » -
Dismantling the Cybercrime Assembly Line: Inside Operation Endgame’s Infrastructure Takedown
In a massive synchronized strike against the digital underworld, Europol—working in tandem with a global coalition of law enforcement agencies…
Read More » -
Threat Intelligence Report: Sophisticated Microsoft Teams Impersonation Campaign Deploying Signed RATs
A highly organized phishing campaign is currently targeting users by impersonating Microsoft Teams. Rather than relying on traditional malware, this…
Read More » -
Supply Chain Vulnerability: OAuth Token Compromise at Klue Impacts LastPass Salesforce Data
A sophisticated supply chain incident involving the market intelligence platform Klue has resulted in unauthorized access to specific datasets within…
Read More » -
Supply Chain Vulnerability: Analyzing the Massive Data Exfiltration at Tata Electronics
Tata Electronics has confirmed a significant cybersecurity breach following claims by a threat actor group that they have successfully exfiltrated…
Read More » -
Deep Dive: The CodeStorm Adversary-in-the-Middle (AiTM) Campaign Targeting Microsoft 365
A sophisticated multi-organization phishing campaign, attributed to the CodeStorm threat actor, is currently targeting Microsoft 365 tenants. Unlike traditional credential…
Read More » -
Evolution of the INC Ransomware Ecosystem: From Emerging Threat to Top-Tier RaaS
The INC ransomware group has undergone a significant metamorphosis, transitioning from a niche emerging threat into one of the most…
Read More » -
Critical Information Disclosure in Gravity SMTP Plugin: Active Exploitation of API Credentials
Security researchers have identified a significant information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is currently being leveraged…
Read More » -
Serverless Phishing: How Threat Actors Weaponize GitHub Pages and APIs for Large-Scale Financial Fraud
A highly sophisticated, long-running phishing campaign has transitioned into a modular, serverless architecture, specifically designed to exploit the trust of…
Read More » -
Rokarolla: zLabs Uncovers Sophisticated Android Banking Trojan
Cybersecurity researchers have uncovered a highly capable Android banking trojan dubbed Rokarolla—a name derived directly from its Command-and-Control (C2) infrastructure.…
Read More » -
Advanced Phishing Evolution: UNC1151 Targets Gmail with Real-Time 2FA Interception
The threat actor known as Ghostwriter (UNC1151) has significantly upgraded its operational capabilities, moving beyond localized phishing to execute sophisticated,…
Read More » -
APT37 Unmasked: The Highly Targeted NarwhalRAT Campaign
The threat actor identified as APT37 is currently deploying a highly sophisticated, multi-stage intrusion chain centered around NarwhalRAT. This campaign…
Read More »