Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution

A fresh round of patches has been made available for the vm2 JavaScript library to...

The threat from commercial cyber proliferation

Report informing readers about the threat to UK industry and society from commercial cyber tools...

YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader

Cybersecurity researchers have detailed the inner workings of a highly evasive loader named “in2al5d p3in4er”...

Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning...

DFIR via XDR: How to expedite your investigations with a DFIRent approach

Rapid technological evolution requires security that is resilient, up to date and adaptable. In this...

Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access

The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on...

LockBit Ransomware Now Targeting Apple macOS Devices

Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files...

Data-driven cyber: transforming cyber security through an evidence-based approach

Using data and scientific methods to make more evidence-based decisions about cyber security....

ACD – The Sixth Year

Key findings from the 6th year of the Active Cyber Defence (ACD) programme....

Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose

Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less...

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into...

FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime...

What’s the Difference Between CSPM & SSPM?

Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of...

Google Uncovers APT41’s Use of Open Source GC2 Tool to Target Media and Job Sites

A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source...

Tour of the Underground: Master the Art of Dark Web Intelligence Gathering

The Deep, Dark Web – The Underground – is a haven for cybercriminals, teeming with...

Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration

Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke...

New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers

A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using...

Introducing Cyber Advisors…

Launching a new Industry Assurance scheme aimed at helping the UK’s small organisations....

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its...

Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities

The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign...

Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen

Open source media player software provider Kodi has confirmed a data breach after threat actors...

Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities...

Webinar: Tips from MSSPs to MSSPs – Building a Profitable vCISO Practice

In today’s fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of...

Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management

Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem...

RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware

Cybersecurity researchers have detailed the tactics of a “rising” cybercriminal gang called “Read The Manual”...

WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks

Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures...

New Python-Based “Legion” Hacking Tool Emerges on Telegram

An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via...

1 Comment

Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions

The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in...

Why Shadow APIs are More Dangerous than You Think

Shadow APIs are a growing risk for organizations of all sizes as they can mask...

Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign

The North Korean threat actor known as the Lazarus Group has been observed shifting its...