web
-
Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware
In a recent surge of sophisticated cyberattacks, threat actors have been utilizing fake CAPTCHA challenges to trick users into executing…
Read More » -
New Steganographic Malware Hides in JPEG Files to Spread Infostealers
A recent cybersecurity threat has been identified, where steganographic malware is being distributed through seemingly innocuous JPEG image files. This…
Read More » -
Lazarus Group Weaponizes IIS Servers for Deploying Malicious ASP Web Shells
The notorious Lazarus group has been identified as leveraging compromised IIS servers to deploy malicious ASP web shells. These sophisticated…
Read More » -
AWS SNS Exploited for Data Exfiltration and Phishing Attacks
Amazon Web Services’ Simple Notification Service (AWS SNS) is a versatile cloud-based pub/sub service that facilitates communication between applications and…
Read More » -
Hackers Exploiting Exposed Jupyter Notebooks to Deploy Cryptominers
Cado Security Labs has identified a sophisticated cryptomining campaign exploiting misconfigured Jupyter Notebooks, targeting both Windows and Linux systems. The…
Read More » -
Jaguar Land Rover Allegedly Hit by Cyberattack, Hacker Claims
A threat actor known as “Rey” has come forward on a prominent dark web forum, claiming responsibility for a significant…
Read More » -
Lumma Stealer Using Fake Google Meet & Windows Update Sites to Launch “Click Fix” Style Attack
Cybersecurity researchers continue to track sophisticated “Click Fix” style distribution campaigns that deliver the notorious Lumma Stealer malware to unsuspecting…
Read More » -
10 Best Penetration Testing Companies in 2025
Penetration testing companies play a vital role in strengthening the cybersecurity defenses of organizations by identifying vulnerabilities in their systems,…
Read More » -
Network Penetration Testing Checklist – 2025
Network penetration testing is a cybersecurity practice that simulates cyberattacks on an organization’s network to identify vulnerabilities and improve security…
Read More » -
New Pass-the-Cookie Attacks Bypass MFA, Giving Hackers Full Account Access
Multi-factor authentication (MFA), long considered a cornerstone of cybersecurity defense, is facing a formidable new threat: “Pass-the-Cookie” attacks. Recent findings reveal…
Read More » -
Nagios XI Flaw Exposes User Details and Emails to Unauthenticated Attackers”
A security vulnerability in Nagios XI 2024R1.2.2, tracked as CVE-2024-54961, has been disclosed, allowing unauthenticated attackers to retrieve sensitive user…
Read More » -
SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix
In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer overflow vulnerability CVE-2025-0282 in Ivanti Connect…
Read More » -
New Darcula 3.0 Tool Generates Phishing Kits to Mimic Global Brands
The cybercriminal group behind the notorious “darcula-suite” platform has unveiled its latest iteration, darcula 3.0, which introduces groundbreaking capabilities for…
Read More » -
Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension
SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using the .NET framework. This malware is…
Read More » -
Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins
A new phishing kit named Astaroth has emerged as a significant threat in the cybersecurity landscape by bypassing two-factor authentication…
Read More » -
Cybercriminals Target IIS Servers to Spread BadIIS Malware
A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services (IIS) servers by threat actors deploying…
Read More » -
Hackers Exploiting DNS Poisoning to Compromise Active Directory Environments
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed by cybersecurity researchers. Introduced by…
Read More »