Multi-Stage VOID#GEIST Malware Deploys XWorm, AsyncRAT, and XenoRAT

Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign, codenamed VOID#GEIST, which leverages batch scripts to deliver encrypted remote access trojans (RATs) including XWorm, AsyncRAT, and Xeno RAT. The research was published by Securonix Threat Research. At a technical level, the attack uses an obfuscated batch script to deploy a secondary batch, stage a legitimate embedded […]

Cisco Confirms Two Catalyst SD-WAN Manager Vulnerabilities Are Being Actively Exploited

Cisco has confirmed that two security vulnerabilities affecting Cisco Catalyst SD-WAN Manager (previously known as SD-WAN vManage) are currently being exploited in real-world attacks. The vulnerabilities identified by Cisco are CVE-2026-20122 and CVE-2026-20128, both of which impact organizations using the SD-WAN management platform.

Details of the Exploited Vulnerabilities

The first issue, CVE-2026-20122, carries a CVSS score of 7.1 and allows an

Europol-Led Operation Dismantles Tycoon 2FA Phishing-as-a-Service Tied to 64,000 Attacks

A major international cybersecurity operation has successfully dismantled Tycoon 2FA, a large phishing-as-a-service platform that enabled cybercriminals to launch advanced phishing attacks targeting organizations worldwide. The takedown was coordinated by the European law enforcement agency Europol along with multiple cybersecurity firms and global investigators. Authorities confirmed that the platform was responsible for tens of thousands of phishing incidents

149 Hacktivist DDoS Attacks Strike 110 Organizations Across 16 Countries Following Middle East Conflict

A sharp escalation in hacktivist cyber activity has followed the coordinated U.S. and Israeli military campaign against Iran, known as Epic Fury and Roaring Lion. Cybersecurity analysts warn that the digital battlefield is rapidly expanding alongside physical hostilities, with distributed denial of service (DDoS) campaigns dominating the threat landscape. According to a new assessment from Radware, two hacktivist collectives,

Open-Source CyberStrikeAI Used in AI-Powered FortiGate Attacks Spanning 55 Countries

Google-owned researchers and independent intelligence teams have uncovered fresh details about an artificial intelligence driven campaign targeting Fortinet FortiGate devices worldwide. Investigators now confirm that the attackers relied on an open-source offensive platform known as CyberStrikeAI to automate and scale their operations.

AI Tool Identified in Mass Exploitation Campaign

Threat analysts at Team Cymru traced the infrastructure

Starkiller Phishing Kit Leverages AiTM Reverse Proxy to Evade Multi-Factor Authentication

Cybersecurity researchers have uncovered a powerful new phishing toolkit named Starkiller that leverages adversary-in-the-middle (AiTM) technology to bypass multi-factor authentication protections. The phishing suite is being promoted by a cybercrime group calling itself Jinkusu. It is marketed as a phishing-as-a-service platform that provides subscribers with a centralized dashboard to

Microsoft Alerts on OAuth Redirect Abuse Used to Deliver Malware to Government Targets

Microsoft has issued a security warning about ongoing phishing campaigns that misuse OAuth URL redirection mechanisms to bypass traditional email- and browser-based phishing defenses. According to the Microsoft Defender Security Research Team, the attacks primarily target government and public sector organizations. Instead of stealing authentication tokens or exploiting software vulnerabilities, the campaigns manipulate legitimate

Thousands of Google Cloud API Keys Exposed After Gemini Access Enabled

A new security analysis has revealed that thousands of publicly exposed Google Cloud API keys could be misused to access sensitive Gemini AI endpoints once the Generative Language API is activated within a project. Researchers at Truffle Security identified nearly 3,000 Google API keys, recognizable by the prefix AIza, embedded in client-side JavaScript code across websites.

U.S. DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

The U.S. Department of Justice announced the seizure of approximately 61 million dollars in Tether connected to large-scale cryptocurrency fraud operations commonly referred to as pig butchering scams. Authorities stated that the confiscated digital assets were traced to wallet addresses used to launder proceeds stolen from victims of fraudulent crypto investment schemes. Federal investigators

Over 900 Sangoma FreePBX Instances Compromised in Active Web Shell Attacks

More than 900 internet-facing FreePBX systems from Sangoma Technologies remain compromised with web shells following exploitation of a serious command injection vulnerability, according to findings released by the Shadowserver Foundation. The large-scale compromise began in December 2025 and continues to impact organizations worldwide. Of the affected instances, 401 are located in the United States, 51 in Brazil,