Ransomware criminals infected a utility billing software providers’ customers, and in some cases disrupted services, after exploiting unpatched versions of SimpleHelp’s remote monitoring and manage...
Ransomware criminals infected a utility billing software providers’ customers, and in some cases disrupted services, after exploiting unpatched versions of SimpleHelp’s remote monitoring and manage...
Designed to protect sensitive information, air-gapped systems are disconnected from the network, thus preventing data exfiltration through methods that require internet connectivity. However, vari...
The shortage of IPv4 addresses has forced us to use smart techniques to reallocate address blocks, speed up adoption of IPv6, and reduce the number of addresses we use. We’re going to focus on this...
Executive Summary We recently discovered a large-scale campaign that has been compromising legitimate websites with injected, obfuscated JavaScript code. Threat actors commonly use this type of ca...
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious adverti...
While online shoppers think they’re safely completing purchases on legitimate ecommerce sites, cybercriminals are watching every keystroke, capturing credit cards and personal data in real time thr...
Introduction On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists that consented for the techni...
What if all it took to compromise a GitHub organization – and thus, the organization’s supply chain – was an eight-digit code and a phone call? Introducing: GitHub Device Code Phishing. While sec...
Key Takeaways Check Point Research uncovered an active malware campaign exploiting expired and released Discord invite links. Attackers hijacked the links through vanity link registration, allowin...
A May 2025 attack on a financial institution in Asia saw the Fog ransomware deployed, alongside an unusual toolset, including some dual-use and open-source pentesting tools we have not observed bei...
Cybersecurity firm Aim Labs has uncovered a serious new security problem, named EchoLeak, affecting Microsoft 365 (M365) Copilot, a popular AI assistant. This flaw is a zero-click vulnerability, me...
Throughout May 2025, eSentire’s Threat Response Unit (TRU) detected several attempts by threat actors to download and execute HijackLoader. Many of these attempts involved the attempted deployment ...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2023-44000 n/a - n/a An iss...
DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We ...
A cybersecurity researcher has uncovered five zero-day vulnerabilities and over 20 configuration risks in Salesforce’s cloud components. On June 10, Aaron Costello, Chief of SaaS Security Research...
Threat actors exploited a critical remote code execution (RCE) flaw in Roundcube, tracked as CVE-2025-49113, just days after the patch was released, targeting over 80,000 servers. Roundcube is a p...
NTLM reflection is dead, long live NTLM reflection! Source: Synacktiv Date Published: June 11, 2025 Excerpt: “Introduction NTLM reflection is a special case of NTLM authentication relay in which ...
Introduction In recent years, organisations have increasingly encountered massive and more sophisticated phishing attacks that primarily target Microsoft 365 and Google accounts using Adversary-in-...
Key Takeaways Proofpoint threat researchers have recently uncovered an active account takeover (ATO) campaign, tracked as UNK_SneakyStrike, using the TeamFiltration pentesting framework to target ...