Socket’s Threat Research Team has uncovered an ongoing supply chain attack targeting the RubyGems ecosystem. A threat actor using the aliases Bùi nam, buidanhnam, and si_mobile published two malici...
Source: Splunk Advisory ID: SVD-2025-0602 CVE ID: CVE-2025-20298 Description: In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade ...
OpenSSH has become a standard tool for secure remote management on both Linux and Windows systems. Since its inclusion as a default component in Windows 10 version 1803, attackers have increasingl...
New research from Checkmarx Zero has unveiled a unique malicious software campaign that targets Python and NPM users on both Windows and Linux systems. Security researcher Ariel Harush at Checkmar...
Established in 2016, the TrickBot group is believed to have infected millions of computers worldwide, exfiltrating sensitive information such as credentials, banking and credit card details, and pe...
An infostealer strain known as ‘Acreed’ could become the new market leader in credential theft malware, according to ReliaQuest. The cybersecurity company’s threat research team investigated the R...
I was playing around with HackPad on Hackvertor when I remembered that Safari used to have an XSS issue in the actual TypeError. I’d used it before, but it caught my attention again because I’d rec...
What is the Interlock ransomware? Interlock is a relatively new strain of ransomware, that first emerged in late 2024. Unlike many other ransomware families it not only targets Windows PCs, but al...
The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted t...
During mid-May 2025, eSentire’s Threat Response Unit (TRU) identified active exploitation of a critical security flaw (CVE-2025-4632) within Samsung MagicINFO 9 Server installations. This vulnerabi...
Last week, the US Department of Justice (DOJ) announced the disruption of the LummaC2 infostealing-malware. This was achieved through sweeping domain seizures in coordination with Microsoft, which ...
Introduction As we’ve explored in numerous articles and Malware of the Day posts, there is no shortage of communication protocols threat actors can utilize for C2 communication. And while there is ...
This time it’s a “Smart Device”, or as previously mentioned on this blog an internet connected “adult only toy”. But also it could just as easily have been via the house “Smart Meter”… Any electric...
“Russian-linked hackers targeted U.K. Defense Ministry staff in an espionage operation while posing as journalists, Sky News reported on May 29, citing the British government. The cyber attack was...
A cyber incident affecting several hospitals in Maine is now under investigation. Covenant Health shared with NEWS CENTER Maine that it became aware of connectivity issues impacting the organizati...
Socket’s Threat Research Team uncovered a supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias cappership. The threat actor embedded a covert key‑s...
Netcraft has observed a resurgence of the Chinese-language Haozi Phishing-as-a-Service (PhaaS) group, which markets itself with a cartoon mouse mascot and a heavy emphasis on ease-of-use and suppor...
Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a financially motivated cybercriminal group active since at least mid-2022. They prim...
This analysis is part of an incident investigation led by the FortiGuard Incident Response Team. We discovered malware that had been running on a compromised machine for several weeks. The threat ...
Cisco Talos has discovered new threats, including the ransomware CyberLock, Lucky_Gh0$t, and a newly-discovered malware we call “Numero,” all of which masquerade as legitimate AI tool installers. ...