Exploitation

North Korean Hackers Merge BeaverTail and OtterCookie into Sophisticated JavaScript Malware

North Korean hackers linked to the Contagious Interview campaign are enhancing their malicious tools by merging two major malware families, BeaverTail and OtterCookie. This evolution, observed by Cisco Talos, shows that the group is actively upgrading its capabilities and refining its JavaScript-based attack methods. Ongoing Campaign and New Findings According to Cisco Talos, the recent […]

Microsoft Revokes 200 Fake Certificates Abused in Rhysida Ransomware Attacks

Microsoft has taken decisive action against a cyber campaign linked to the Rhysida ransomware group by revoking more than 200 fraudulent code-signing certificates. These certificates were misused by a threat actor known as Vanilla Tempest to disguise malicious software as legitimate Microsoft Teams installers. Discovery and Disruption According to the Microsoft Threat Intelligence team, the

LinkPro Linux Rootkit Uses eBPF to Hide, Activates via Magic TCP Packets

An investigation into a compromise of Amazon Web Services (AWS)-hosted infrastructure uncovered a new GNU/Linux rootkit named LinkPro, according to Synacktiv. The backdoor relies on two eBPF (extended Berkeley Packet Filter) modules for stealth and remote activation. The initial access vector was an exposed Jenkins server exploited via CVE-2024-23897, after which a malicious Docker

Attackers Use Blockchain Smart Contracts to Distribute Malware Through Compromised WordPress Sites

Cybersecurity researchers have observed a financially motivated threat actor, tracked as UNC5142, leveraging blockchain smart contracts to distribute information-stealing malware targeting both Windows and macOS systems. This operation demonstrates how attackers combine traditional web compromises with modern Web3 technology to evade detection and increase operational resilience. Malware Distribution via WordPress and Blockchain According to the

Windows BitLocker Flaws Allow Attackers to Bypass Encryption Security

Microsoft has revealed two major security vulnerabilities in its Windows BitLocker encryption system that could let attackers with physical access bypass data protection and read encrypted files. The flaws, listed as CVE-2025-55338 and CVE-2025-55333, were disclosed on October 14, 2025, as part of Microsoft’s Patch Tuesday updates. Both issues are rated Important with a CVSS

CISA Warns of Adobe AEM Vulnerability Rated CVSS 10.0 Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a severe security flaw affecting Adobe Experience Manager (AEM). The flaw, now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, has been confirmed to be under active exploitation. With a CVSS score of 10.0, this bug represents the highest level of

Banking Malware Exploits WhatsApp to Take Remote Control of Computers

A newly discovered malware campaign is spreading rapidly across Brazil, using WhatsApp as its main delivery channel. Cybersecurity experts have identified this advanced banking Trojan as “Maverick”, a threat capable of taking remote control of infected computers and stealing sensitive financial data. Massive Scale of Infection Researchers report that over 62,000 infection attempts were blocked

Chinese Threat Group ‘Jewelbug’ Infiltrates Russian IT Network Undetected for Months

A Chinese-linked cyber threat group, known as Jewelbug, has successfully infiltrated a Russian IT service provider for five months, marking the group’s expansion beyond its traditional targets in Southeast Asia and South America. This operation, running from January to May 2025, underscores the continued reach of Chinese cyber espionage. Background on Jewelbug and Related Clusters

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has issued an urgent security update to fix several critical remote code execution (RCE) vulnerabilities affecting Veeam Backup & Replication version 12. These flaws could let authenticated domain users execute malicious code on backup servers and infrastructure hosts, posing a severe threat to organizations. Two of the most dangerous vulnerabilities specifically impact domain-joined installations

Hackers Use 13,000+ Domains via Cloudflare to Conduct ClickFix Attacks

In mid-2025, cybersecurity researchers at Lab539 detected an unexpected rise in a new browser-based malware campaign known as ClickFix. First appearing quietly in July, this threat quickly grew by registering over 13,000 unique domains aimed at tricking users into running malicious commands on their own devices. How ClickFix Works ClickFix attacks utilize compromised or low-cost