On June 12, 2025, Aflac Incorporated, a Georgia corporation (the “Company”), identified unauthorized access to its network. The Company promptly initiated its cybersecurity incident response protoc...

In a previous blog, we analyzed domains associated with the recently-disrupted LummaC2 infostealing malware (although there are now reports that a new infostealer known as Acreed has come to take i...

Key Takeaways The PowerShell script (y1.ps1) executes shellcode directly in memory using reflective techniques. It connects to a second-stage C2 server hosted on Baidu Cloud Function Compute....

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2024-1016 Solar - FTP Server ...

In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russian state-sponsored cyber threat actor impersonating the U.S. Department of State. From at least April ...

Earlier this month, a security researcher discovered a massive new data leak containing a total of over 4 billion records, which appears to contain data on Chinese users. Cybernews reported that th...

Trends in open-source software supply chain attacks – ones that exploit the public platforms developers rely on for software development – have changed quite a bit in recent years. While the number...

Summary Keir Giles, a prominent expert on Russian information operations, was targeted with a sophisticated and personalized novel social engineering attack. The attacker took extensive measures to...

The ransomware landscape is undergoing a turbulent realignment, marked by collapses, takeovers, and unexpected internal betrayals. Once-dominant groups such as RansomHub, LockBit, Everest, and Bla...

Intro A few months ago, I read the work of Jeroen Delvaux, Cristofaro Mune, Mario Romero, and Niek Timmers on bypassing Secure Boot on an ESP32 V3 chip with both Secure Boot and Flash Encryption en...

In May 2025, Cisco Talos identified a Python-based remote access trojan (RAT) we call “PylangGhost,” used exclusively by a North Korean-aligned threat actor. PylangGhost is functionally similar to ...

Key Points Check Point Research discovered a multistage campaign targeting Minecraft users via the distribution as a service (DaaS) Stargazers Ghost Network, which operates on GitHub. The malware i...

In a confirmation that we’ve gone full Black Mirror, the UK’s privacy czar has wagged a finger at air fryer manufacturers and told them to stop playing with our data. New draft guidance from the I...

We’ve spent a bit of time recently looking at CMSs given the basic fact that they represent attractive targets for attackers. As you may remember, Kentico Xperience CMS obtained our gaze earlier i...

Key Data Netcraft’s research has uncovered an organized SEO poisoning operation using a platform known as Hacklink, a marketplace that enables cybercriminals to purchase access to thousands of comp...

Summary: Trend™ Research has identified an active campaign exploiting CVE-2025-3248 to deliver the Flodrix botnet. Attackers use the vulnerability to execute downloader scripts on compromised Lang...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2021-43584 n/a - n/a DOM-ba...

Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. The incident was discovered on Thursday evening a...

Security researchers from SafetyDetectives found the information on an online forum notorious for hosting database leaks and cracked software. The user who posted the information didn’t stop at si...

The high-severity vulnerabilities can allow privilege escalation, code execution and the overwriting of arbitrary files. The three flaws affect versions 10.8.4 and earlier of Nessus Agent, also kn...