Attack


Threat Actors Conduct Mass Scanning of Salesforce Experience Cloud Using Modified AuraInspector Tool

Cybersecurity teams at Salesforce have reported a surge in malicious activity targeting publicly accessible Experience Cloud environments. According to the company, attackers are conducting large scale scans of these sites using a modified version of an open source security tool known as AuraInspector. The campaign primarily focuses on identifying misconfigured guest user permissions, which can expose sensitive data stored within Salesforce […]


Experts Identify Pakistan Linked Cyber Campaigns Targeting Indian Government Entities

Cybersecurity researchers have uncovered two previously undocumented cyber campaigns targeting Indian government entities, attributed to a threat actor believed to be operating from Pakistan. The campaigns, identified by Zscaler ThreatLabz in September 2025, have been named Gopher Strike and Sheet Attack. According to researchers Sudeep Singh and Yin Hong Chang, the operations show overlaps with known Pakistan-linked APT activity, particularly


AISURU Botnet Behind Record 29.7 Tbps DDoS Attack Using 4M Infected Hosts

Cloudflare reported on Wednesday that it successfully detected and mitigated the largest recorded distributed denial-of-service (DDoS) attack to date, reaching 29.7 terabits per second (Tbps). The attack originated from the AISURU botnet-for-hire, which has been tied to multiple hyper-volumetric DDoS campaigns over the past year. The assault lasted 69 seconds, though Cloudflare did not disclose


Active Attacks on WordPress King Addons Flaw Allow Hackers to Create Admin Accounts

A severe security vulnerability affecting the King Addons for Elementor WordPress plugin is currently under active exploitation. The flaw, tracked as CVE-2025-8489 with a CVSS score of 9.8, allows unauthenticated attackers to escalate their privileges by registering directly as administrators. The issue impacts all plugin versions from 24.12.92 up to 51.1.14. The maintainers issued a


Akira Ransomware Hits 250 Plus Organizations and Extracts 42 Million Dollars, CISA Warns in New Report

A recent advisory from the Cybersecurity and Infrastructure Security Agency highlights the growing threat of the Akira ransomware group, which has rapidly become one of the most aggressive cybercrime operations targeting global businesses.

Ransomware Impact and Financial Losses

Since March 2023, Akira has compromised more than 250 organizations across North America, Europe, and Australia. According


Konni Hackers Turn Google Find Hub into Remote Data Wiping Tool

A North Korea linked actor known as Konni, also tracked as Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia, has run targeted campaigns that compromise Android and Windows systems, steal credentials, and gain remote control of victims’ devices. Researchers at the Genians Security Center say the group used social engineering to distribute malware disguised as


Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

In a sophisticated evasion technique, the Russia-aligned threat actor known as Curly COMrades is now exploiting Windows’ native Hyper-V virtualization to create a hidden Linux environment. This covert space is used to host custom malware, effectively bypassing traditional Endpoint Detection and Response (EDR) security measures.

A Hidden Virtual Environment for Stealthy Operations

According to a


HttpTroy Backdoor Poses as VPN Invoice to Infiltrate South Korean Targets

The North Korea-aligned advanced persistent threat (APT) group Kimsuky has been discovered using a previously unknown backdoor, codenamed HttpTroy, in a highly targeted spear-phishing campaign. The attack, aimed at a single victim in South Korea, employed a sophisticated multi-stage infection chain disguised as a legitimate VPN invoice.

The Deceptive Lure and Initial Compromise

The attack began


10 Malicious npm Packages Steal Developer Credentials Across Windows, macOS, and Linux

In a stark reminder of the vulnerabilities within open-source ecosystems, cybersecurity analysts have unearthed ten deceptive npm packages engineered to pilfer sensitive developer credentials. These packages, capable of operating on Windows, macOS, and Linux, employ sophisticated stealth techniques to avoid detection while harvesting a treasure trove of personal and corporate data. The Deceptive Packages and


Russian Hackers Target Ukrainian Organizations Using Stealthy, Living Off the Land Tactics

Russian threat actors have reportedly conducted a series of stealthy cyberattacks on organizations in Ukraine, aiming to steal confidential data and maintain persistent access to compromised networks. According to a recent joint report by Symantec and Carbon Black Threat Hunter Team, the attacks targeted a large business services company for two months and a local government
