Daily Cyber News

Hackers Exploit SendGrid Service to Steal User Login Credentials

A highly advanced phishing operation has been detected, abusing the trusted reputation of SendGrid to harvest user credentials. Attackers are using SendGrid’s legitimate cloud-based email service to distribute phishing emails that evade traditional email security filters.

Campaign Overview

This campaign relies on psychological manipulation and urgency tactics, with three crafted email themes designed to pressure […]

KorPlug Malware Analysis Reveals TTPs, Control Flow, and IOCs

A newly analyzed malware strain named KorPlug has surfaced as a significant cybersecurity threat. This malware leverages advanced obfuscation techniques that make detection and reverse engineering extremely challenging.

Obfuscation and Execution Techniques

KorPlug stands out due to its use of O-LLVM-based obfuscation, which transforms normal program structures into complex control flow graphs (CFGs). These techniques

Chinese Hacker Sentenced for Using Kill Switch on Ohio Company’s Global Network

A 55-year-old Chinese national, Davis Lu, has been sentenced to four years in federal prison for executing a destructive insider cyberattack on the global IT infrastructure of his former employer in Beachwood, Ohio. Lu exploited his privileged role as a software developer to implant advanced malware that disrupted thousands of users across multiple countries. The

Transparent Tribe Uses Malicious Desktop Shortcuts in Phishing Attacks on Indian Government

The advanced persistent threat (APT) group Transparent Tribe (APT36) has been observed targeting Indian government entities through a new campaign that leverages malicious desktop shortcut files on both Windows and BOSS Linux systems. According to CYFIRMA, attackers are relying on spear-phishing emails to gain initial access. In the case of Linux BOSS systems, malicious .desktop

Malicious Go Module Masquerades as SSH Brute Forcer to Exfiltrate Credentials via Telegram

Cybersecurity experts have identified a malicious Go module that disguises itself as an SSH brute-force tool but secretly transmits stolen credentials to its operator. According to researcher Kirill Boychenko from Socket, the package immediately sends the victim’s IP address, username, and password to a hardcoded Telegram bot upon the first successful login. The module, named

AI Prompt Injection Powers New Gmail Phishing Attack to Bypass Security

Phishing has always relied on tricking people, but this latest campaign goes a step further. Instead of only targeting users, attackers are now attempting to manipulate AI-powered defenses as well. This operation builds on the Gmail phishing chain reported last week. That earlier campaign used urgency and link redirects, while this one introduces a new

GeoServer Exploits and Emerging Groups Expanding Cybercrime Beyond Botnets

Growing Cybercrime Campaigns Targeting Servers and IoT Devices

Cybersecurity experts are highlighting multiple ongoing campaigns where attackers exploit known security flaws, particularly in Redis servers, to conduct malicious activities. These include building IoT botnets, setting up residential proxies, and creating cryptocurrency mining infrastructures. One major focus is CVE-2024-36401 (CVSS 9.8), a critical remote code execution

Hackers Evade EDR to Steal Windows Secrets and Credentials Undetected

Cybersecurity researchers have uncovered a stealthy method that enables attackers to extract Windows secrets and credentials without triggering alerts from most Endpoint Detection and Response (EDR) solutions. This approach can be used after gaining initial access to a system, allowing attackers to perform lateral movement across networks while staying hidden from standard monitoring tools. How

Hackers Exploit ClickFix Technique to Target Windows and macOS Devices

Cybersecurity experts have uncovered a rapidly growing social engineering method known as ClickFix, which has been increasingly adopted by attackers since early 2024. This technique impacts both Windows and macOS devices, convincing users to unknowingly run harmful commands under the guise of routine troubleshooting steps. According to recent findings, thousands of enterprise and personal systems

Azure Default API Flaw Allows Cross-Tenant Compromise

A major security vulnerability was uncovered in Microsoft Azure’s API Connection infrastructure, allowing attackers to break tenant boundaries and gain unauthorized access to sensitive resources worldwide. The researcher behind the discovery, Gulbrandsrud, was awarded a $40,000 bug bounty and invited to present the findings at Black Hat. The issue originated from Azure’s shared API Management