Threat

Fog Ransomware Targets US Organizations Using Compromised VPN Credentials

A new ransomware variant known as Fog has emerged as a notable threat to organizations in the education and recreation sectors across the United States. Overview of the Threat: Starting in early May 2024, Arctic Wolf Labs began monitoring Fog ransomware in multiple incident response cases. Approximately 80 percent of affected organizations operate in education, […]

Cisco Switches Affected by Reboot Loops Caused by DNS Client Bug

Several Cisco switch models are unexpectedly entering reboot loops after reporting critical DNS client errors, according to recent reports compiled by BleepingComputer. The issue appears to have started around 2 AM, when a firmware problem in the switches’ DNS client service began treating DNS lookup failures as fatal errors. This caused the affected switches to

Russian APT28 Launches Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian state-sponsored threat actors linked to APT28, also known as BlueDelta, have been identified running an ongoing credential-harvesting operation aimed at energy research and policy-related organizations across multiple regions. According to findings, the campaign primarily targeted individuals connected to a Turkish energy and nuclear research body, employees of a European policy think tank, and organizations operating in North

FBI Warns of North Korean Hackers Using Malicious QR Codes in Spear-Phishing Attacks

The U.S. Federal Bureau of Investigation (FBI) has issued a new advisory warning that North Korean state-sponsored threat actors are actively using malicious QR codes in spear-phishing campaigns targeting organizations across the United States. According to the FBI, as of 2025, actors linked to the Kimsuky threat group have targeted think tanks, academic institutions, and both U.S.

CISA Retires 10 Emergency Cybersecurity Directives Issued From 2019 to 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced the retirement of 10 Emergency Directives (EDs) that were originally issued between 2019 and 2024 to address urgent and high-impact cybersecurity threats facing federal systems. According to CISA, these directives are now considered closed after successful remediation efforts and the integration of long-term

WhatsApp Worm Propagates Astaroth Banking Trojan in Brazil Through Auto-Messaging

Cybersecurity researchers have uncovered a new malware campaign that abuses WhatsApp as a distribution channel to spread the Astaroth banking trojan across Brazil. The operation specifically targets Windows users and represents an evolution in how financial malware is propagated in the region. The campaign has been named Boto Cor-de-Rosa by the Acronis Threat Research Unit.

Cisco Patches ISE Security Flaw Following Public PoC Exploit Release

Cisco has issued updates to fix a medium-severity vulnerability affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), after a publicly available proof-of-concept (PoC) exploit was released. The flaw, tracked as CVE-2026-20029 with a CVSS score of 4.9, resides in the licensing functionality and could allow a remote, authenticated attacker with administrative

China-Linked UAT-7290 Targets Telecom Companies with Linux Malware and ORB Nodes

Cybersecurity researchers have attributed a series of espionage-driven cyber intrusions to a China-linked threat actor tracked as UAT-7290, which has been actively targeting organizations across South Asia and Southeastern Europe. According to a new report published by Cisco Talos, the activity cluster has been operational since at least 2022 and is known

Black Cat Group Runs SEO Poisoning Malware Campaign Targeting Popular Software Searches

Cybersecurity authorities have linked the notorious Black Cat gang to an ongoing SEO poisoning campaign that targets popular software searches, tricking users into downloading malicious backdoors capable of stealing sensitive information. Fraudulent Sites Target Popular Software: According to reports by CNCERT/CC and Beijing Weibu Online (ThreatBook), the threat actors manipulate search engine results on platforms

New VVS Stealer Malware Targets Discord Accounts Using Obfuscated Python Code

Cybersecurity researchers have uncovered a new Python-based information-stealing malware known as VVS Stealer, also referred to as VVS $tealer, which is actively targeting Discord users by harvesting account credentials and authentication tokens. According to an analysis published by Palo Alto Networks Unit 42, this stealer has been circulating in underground Telegram channels since at least
