Attack

marcsimmons westblock parlimentexterior 1113x800

Canada House of Commons Hit by Microsoft Exploit

On August 9, 2025, the Canadian House of Commons experienced a cyberattack in which threat actors exploited a recently disclosed Microsoft vulnerability to gain unauthorized access to sensitive employee data. The incident highlights the persistent cybersecurity challenges facing Canadian government institutions amid a rapidly escalating global threat landscape. Details of the Breach According to an […]

Canada House of Commons Hit by Microsoft Exploit Read More »

add a heading (1)

Hackers Use Phishlet for FIDO Downgrade Attacks

FIDO Passkeys Face New Downgrade Attack Threat A new and highly sophisticated cyber threat has surfaced, targeting one of the most trusted authentication technologies in modern cybersecurity. FIDO-based passkeys, widely regarded as the gold standard for phishing-resistant authentication, are now vulnerable to an advanced downgrade attack. This technique forces users to abandon strong FIDO authentication

Hackers Use Phishlet for FIDO Downgrade Attacks Read More »

c0004cd9 86e7 468d a9af a5c33309db60

Researchers Discover XZ Utils Backdoor in Dozens of Docker Hub Images, Increasing Supply Chain Risks

Security researchers have discovered dozens of Docker Hub images infected with the notorious XZ Utils backdoor, more than a year after the incident was first revealed. Even more concerning, several other images have been built on top of these compromised base images, spreading the backdoor indirectly across the Docker ecosystem, according to a Binarly Research

Researchers Discover XZ Utils Backdoor in Dozens of Docker Hub Images, Increasing Supply Chain Risks Read More »

Hackers Can Exploit New Win-DDoS Flaws to Convert Public Domain Controllers into DDoS Botnets

Hackers Can Exploit New Win-DDoS Flaws to Turn Public Domain Controllers into Powerful Botnets A newly discovered attack method could be used to hijack thousands of publicly accessible Domain Controllers (DCs) worldwide, transforming them into a massive botnet capable of delivering high-powered Distributed Denial-of-Service (DDoS) attacks. The technique, named Win-DDoS, was uncovered by SafeBreach researchers

Hackers Can Exploit New Win-DDoS Flaws to Convert Public Domain Controllers into DDoS Botnets Read More »

Cyber Attacks on AI Infrastructure Surge as Critical Vulnerabilities Are Exposed

In a troubling new development, cybercriminals are increasingly targeting the core infrastructure behind artificial intelligence, including GPU clusters, model-serving gateways, and training pipelines used in large language model (LLM) deployments. Over the past six months, a new malware family dubbed “ShadowInit” has been observed in attacks focused not just on GPU resources but on stealing

Cyber Attacks on AI Infrastructure Surge as Critical Vulnerabilities Are Exposed Read More »

APT36 Hackers Target Indian Government to Steal Login Credentials

A new phishing campaign linked to Pakistan-based APT36 has been identified as a significant threat to Indian government systems. First discovered in August 2025, this operation uses typo-squatted domains to mimic official Indian login portals. When users enter their email credentials, they are redirected to fake pages that closely resemble the National Informatics Centre’s Kavach authentication system.

APT36 Hackers Target Indian Government to Steal Login Credentials Read More »

ClickFix Malware Uses CAPTCHA Tricks to Launch Cross-Platform Attacks

A clever blend of social engineering, stealthy delivery, and technical evasion has made ClickFix one of the fastest-growing malware tactics in recent cybersecurity history, according to a report by Guardio Labs. “Just like a real-world virus variant, ClickFix quickly outpaced the infamous fake browser update scam,” said researcher Shaked Chen, sharing the findings with The Hacker

ClickFix Malware Uses CAPTCHA Tricks to Launch Cross-Platform Attacks Read More »