Threat

Salesforce Reports Unauthorized Data Access Triggered by Gainsight Related OAuth Activity

Salesforce has issued an alert after identifying unusual behavior involving applications published by Gainsight that integrate with the Salesforce platform. According to the company, the suspicious activity may have allowed unauthorized access to some customers' data through the affected applications. In response, Salesforce has revoked all active access and refresh tokens tied to Gainsight-published […]

ShadowRay 2.0 Uses an Unpatched Ray Vulnerability to Create a Self-Spreading GPU Cryptomining Botnet

A new wave of cyber attacks has emerged as Oligo Security reports active exploitation of a long-standing security weakness in the Ray open source AI framework. This flaw, identified as CVE-2023-48022 with a critical 9.8 severity rating, is being used to compromise Ray clusters equipped with NVIDIA GPUs. The compromised infrastructure is then

Tsundere Botnet Expands by Using Game Lures and an Ethereum-Based C2 System on Windows

Security analysts have revealed new insights about the Tsundere botnet, a rapidly expanding malware operation that targets Windows systems. Active since mid-2025, the threat uses JavaScript-based payloads delivered from a remote command-and-control server, allowing attackers to execute arbitrary commands and flexibly modify botnet behavior. Propagation and Infection Mechanisms Although its initial

Iran-Linked Hackers Tracked Ship AIS Data Days Before an Attempted Real-World Missile Strike

Recent findings indicate that Iranian-linked threat actors are increasingly combining cyber operations with real-world military objectives, a practice Amazon calls cyber-enabled kinetic targeting. By using digital reconnaissance to support physical attacks, these groups are demonstrating a significant evolution in modern warfare where cyber and kinetic domains are no longer separate. Blurring the Lines Between Cyber

CTM360 Reveals a Global WhatsApp Hijacking Operation Called HackOnChat

Cybersecurity researchers at CTM360 have uncovered an expanding global campaign that hijacks WhatsApp accounts by exploiting deceptive login portals and impersonation tactics. The operation, called HackOnChat, imitates the familiar WhatsApp Web environment to manipulate users into compromising their own accounts. This campaign has grown quickly, targeting individuals across multiple regions and using sophisticated social engineering

TamperedChef Malware Spreads Through Fake Software Installers in a Continuing Global Campaign

A global malvertising operation known as TamperedChef is actively spreading malware through fake installers disguised as trusted software. Attackers are using deceptive tactics to make users download harmful programs, allowing them to establish remote access and persistent control over infected systems. Recent findings from the Acronis Threat Research Unit show that the campaign remains active,

Sneaky 2FA Phishing Kit Adds BitB-Style Pop-ups That Closely Imitate the Browser Address Bar

A new phishing campaign is leveraging advanced techniques to steal credentials from unsuspecting users. The Phishing-as-a-Service (PhaaS) kit called Sneaky 2FA has integrated Browser-in-the-Browser (BitB) functionality, making it easier for less experienced attackers to perform large-scale credential theft operations. How BitB Works Security researchers at Push Security reported that the technique is being used to

Hackers Are Actively Exploiting a 7-Zip Symbolic-Link-Based RCE Vulnerability CVE-2025-11001

A critical security flaw affecting 7-Zip, tracked as CVE-2025-11001, is currently being actively exploited in the wild. The issue allows remote code execution via symbolic links in ZIP archives and impacts versions prior to 25.00, which was released in July 2025. Details of the Vulnerability The vulnerability arises from improper handling of symbolic links in
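Because the flaw turns on symbolic links inside ZIP archives, the practical check before extracting untrusted archives with any tool is to inspect the archive for symlink entries and for entries that would be written through them. The following is an added example, not 7-Zip's code and not the exploit described above: it implements the generic symlink-in-archive checks (a symlink entry, a link target that resolves outside the extraction root, and a later entry whose path passes through an earlier link) using Python's standard zipfile module. The sample archive is constructed inline for the demonstration; the entry names and targets in it are assumptions, not artifacts from the campaign.

```python
import io
import posixpath
import stat
import zipfile


def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    """True if the Unix mode bits (upper 16 bits of external_attr) mark the entry as a symlink."""
    return stat.S_ISLNK(info.external_attr >> 16)


def escapes_root(path: str) -> bool:
    """True if a path (entry name or link target) is absolute or walks above the extraction root."""
    if path.startswith(("/", "\\")) or (len(path) > 1 and path[1] == ":"):
        return True
    norm = posixpath.normpath(path.replace("\\", "/"))
    return norm == ".." or norm.startswith("../")


def audit_zip(data: bytes) -> list[dict]:
    """Scan an in-memory ZIP and return one finding per suspicious entry (empty list if clean)."""
    findings: list[dict] = []
    symlinks: set[str] = set()  # names of symlink entries seen so far, in archive order
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if escapes_root(name):
                findings.append({"entry": name, "reason": "path-traversal-name"})
            # A naive extractor creates the link first, then writes later entries through it.
            for link in symlinks:
                if name.startswith(link + "/"):
                    findings.append({"entry": name, "reason": "writes-through-symlink", "via": link})
                    break
            if is_symlink_entry(info):
                # zipfile does not interpret symlinks: the entry's data is the link target text.
                target = zf.read(info).decode("utf-8", "replace")
                resolved = posixpath.normpath(posixpath.join(posixpath.dirname(name), target))
                escapes = escapes_root(target) or escapes_root(resolved)
                findings.append({
                    "entry": name,
                    "reason": "symlink-escapes-root" if escapes else "symlink",
                    "target": target,
                })
                symlinks.add(name.rstrip("/"))
    return findings


def safe_to_extract(data: bytes) -> bool:
    """Policy helper: refuse any archive that produced a finding."""
    return not audit_zip(data)


def build_sample_archive(include_symlink: bool = True) -> bytes:
    """Constructed sample (hypothetical names): a symlink entry pointing outside the extraction
    root, followed by a file entry that would be written through that link."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "benign content")
        if include_symlink:
            link = zipfile.ZipInfo("assets")
            link.create_system = 3  # Unix, so the mode bits are honoured by extractors
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "../../../../tmp/target")  # link target stored as entry data
            zf.writestr("assets/run.sh", "#!/bin/sh\necho written through the link\n")
        else:
            zf.writestr("assets/run.sh", "#!/bin/sh\necho harmless\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_zip(build_sample_archive()):
        print(finding)
    print("clean archive safe:", safe_to_extract(build_sample_archive(include_symlink=False)))
```

Run it on a real archive by passing the file's bytes to `audit_zip`; the ordering check matters because a link that appears after the entries beneath it cannot be used to redirect those writes, so the scanner only flags entries that follow a link with the same path prefix.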

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Devices in Brazil

Cybersecurity analysts have uncovered a new campaign that combines social engineering with WhatsApp account hijacking to spread a Delphi-based banking trojan known as Eternidade Stealer. This large-scale operation specifically targets users in Brazil and relies on a Python-powered WhatsApp worm to propagate malicious attachments. How the Campaign Operates Research from Trustwave SpiderLabs

EdgeStepper Implant Redirects DNS Queries to Deliver Malware Through Compromised Software Updates

A China-aligned threat actor known as PlushDaemon has been identified using a new Go-based network backdoor called EdgeStepper. This tool enables adversary-in-the-middle attacks by hijacking DNS queries and redirecting them to malicious infrastructure. Through this method, attackers can compromise legitimate software update channels and deliver harmful payloads. How the Attack