
Malicious Go Module Masquerades as SSH Brute Forcer to Exfiltrate Credentials via Telegram

Cybersecurity experts have identified a malicious Go module that disguises itself as an SSH brute-force tool but secretly transmits stolen credentials to its operator. According to researcher Kirill Boychenko from Socket, the package immediately sends the victim’s IP address, username, and password to a hardcoded Telegram bot upon the first successful login. The module, named […]


AI Prompt Injection Powers New Gmail Phishing Attack to Bypass Security

Phishing has always relied on tricking people, but this latest campaign goes a step further. Instead of only targeting users, attackers are now attempting to manipulate AI-powered defenses as well. This operation builds on the Gmail phishing chain reported last week. That earlier campaign used urgency and link redirects, while this one introduces a new


GeoServer Exploits and Emerging Groups Expanding Cybercrime Beyond Botnets

Growing Cybercrime Campaigns Targeting Servers and IoT Devices

Cybersecurity experts are highlighting multiple ongoing campaigns where attackers exploit known security flaws, particularly in Redis servers, to conduct malicious activities. These include building IoT botnets, setting up residential proxies, and creating cryptocurrency mining infrastructures. One major focus is CVE-2024-36401 (CVSS 9.8), a critical remote code execution


Hackers Evade EDR to Steal Windows Secrets and Credentials Undetected

Cybersecurity researchers have uncovered a stealthy method that enables attackers to extract Windows secrets and credentials without triggering alerts from most Endpoint Detection and Response (EDR) solutions. This approach can be used after gaining initial access to a system, allowing attackers to perform lateral movement across networks while staying hidden from standard monitoring tools. How


Hackers Exploit ClickFix Technique to Target Windows and macOS Devices

Cybersecurity experts have uncovered a rapidly growing social engineering method known as ClickFix, which has been increasingly adopted by attackers since early 2024. This technique impacts both Windows and macOS devices, convincing users to unknowingly run harmful commands under the guise of routine troubleshooting steps. According to recent findings, thousands of enterprise and personal systems


Azure Default API Flaw Allows Cross-Tenant Compromise

A major security vulnerability was uncovered in Microsoft Azure’s API Connection infrastructure, allowing attackers to break tenant boundaries and gain unauthorized access to sensitive resources worldwide. The researcher behind the discovery, Gulbrandsrud, was awarded a $40,000 bug bounty and invited to present the findings at Black Hat. The issue originated from Azure’s shared API Management


Colt Admits Customer Data Theft Following Ransomware Attack

Colt Technology Services, a leading telecommunications provider, has confirmed that a ransomware attack on August 12, 2025, resulted in the theft of sensitive customer data. The company revealed that attackers gained access to confidential files containing customer information. Soon after, the document titles were leaked on dark web forums, forcing Colt to take urgent containment


South Asian APTs Exploit Novel Tools to Target Military-Adjacent Phones

A highly capable South Asian Advanced Persistent Threat (APT) group has launched a coordinated cyber-espionage campaign aimed at military personnel and defense organizations across Sri Lanka, Bangladesh, Pakistan, and Turkey. The attackers are using a multi-layered strategy that combines targeted phishing with custom Android malware to compromise the smartphones of individuals connected to military institutions.


Malicious Go Module Acts as SSH Brute Forcer, Steals Passwords via Telegram

A new and sophisticated supply chain attack has been uncovered, targeting developers through a malicious Go module package. This package disguises itself as a legitimate SSH brute force tool but secretly collects and transmits stolen credentials to cybercriminal operators.

Disguised Package with Hidden Malicious Intent

The malicious package, named “golang-random-ip-ssh-bruteforce,” promotes itself as a fast
