The threat group known as ToddyCat has introduced new techniques designed to infiltrate corporate email systems and extract sensitive data from targeted organizations. According to a technical report by Kaspersky, the group is now using a custom tool called TCSectorCopy to obtain access to Microsoft Outlook data and OAuth 2.0 tokens. Kaspersky noted that this […]
Cybersecurity analysts have uncovered a new threat campaign in which attackers are weaponizing Blender Foundation files to distribute an upgraded version of the StealC information stealer, known as StealC V2. The activity has been ongoing for at least six months, according to Morphisec researcher Shmuel Uzan, who reported that malicious .blend files were discovered on
The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory warning that multiple threat groups are conducting active spyware operations aimed at users of secure messaging platforms, particularly Signal and WhatsApp. The agency said attackers are deploying commercial spyware and remote access trojans to breach mobile devices through targeted social engineering
CISA Alerts on Active Spyware Campaigns Targeting High Value Signal and WhatsApp Users Read More »
A recently addressed security flaw in Microsoft Windows Server Update Services, also known as WSUS, is being actively abused by attackers to deploy the advanced ShadowPad malware. According to a report from the AhnLab Security Intelligence Center, the threat actors used CVE 2025 59287 as the initial entry point into targeted Windows servers. Attackers Use
ShadowPad Malware Exploits a WSUS Vulnerability to Gain Full System Access Read More »
A new investigation by CrowdStrike has uncovered that DeepSeek R1, a reasoning model developed by the Chinese company DeepSeek, generates significantly more insecure code when prompts include topics considered politically sensitive by China. The researchers noted that the model introduces severe security flaws up to fifty percent more frequently whenever such trigger terms appear. Sensitive
Chinese DeepSeek R1 AI Produces Insecure Code When Prompts Reference Tibet or Uyghurs Read More »
Cybersecurity analysts have identified five significant vulnerabilities in Fluent Bit, a widely used open source telemetry agent. These flaws can be combined to compromise cloud environments and potentially give attackers full control over infrastructure. Oligo Security shared the findings, noting that the weaknesses allow authentication bypass, path traversal, remote code execution, service disruption, and tag
A new supply chain attack has been identified across the npm ecosystem, marking a second wave of activity similar to the earlier Shai Hulud incident. Security companies report that thousands of repositories and hundreds of npm packages were compromised between November 21 and 23, 2025. The latest campaign has been named Sha1 Hulud and involves
A newly identified flaw in Azure Bastion, tracked as CVE 2025 49752, presents a serious security risk for organizations depending on the service for secure remote access. The vulnerability allows remote attackers to bypass authentication controls and escalate privileges to the administrative level. Since Azure Bastion is widely used to manage cloud based virtual machines,
A long running cyber espionage operation linked to the China based advanced persistent threat group APT31 has quietly infiltrated multiple Russian information technology companies between 2024 and 2025. According to researchers Daniil Grigoryan and Varvara Koloskova from Positive Technologies, the attackers focused on contractors and integrators that provide services to Russian government agencies, remaining unnoticed
China Linked APT31 Conducts Stealthy Cyberattacks on Russian IT via Cloud Services Read More »
Cybersecurity analysts have identified a new trend in phishing operations, where browser notifications are being misused to push malicious links through a command and control platform known as Matrix Push C2. According to a recent report from BlackFog researcher Brenda Robb, the framework operates entirely within the browser environment, using push alerts, fake system style