China’s Hackers Repurpose Legacy Flaws, from Log4j to IIS, into Global Espionage Tools

Chinese state-aligned hacking groups continue to rely on long-standing software vulnerabilities to conduct stealthy cyber operations across the globe. A recent incident involving a U.S.-based non-profit organization shows how older flaws, such as Log4j, Atlassian, Struts, and IIS weaknesses, are still being reused to gain long-term access for intelligence gathering. […]

Hidden Logic Bombs in Malicious NuGet Packages Set to Detonate Years After Installation

A sophisticated software supply chain attack has been uncovered, involving nine malicious NuGet packages designed to lie dormant for years before activating their destructive payloads. These “logic bombs,” set to trigger in 2027 and 2028, aim to sabotage databases and corrupt critical industrial control systems, posing a long-term threat to organizations. A Patient and Stealthy

Vibe-Coded Malicious VS Code Extension Found Containing Built-In Ransomware Functionality

Cybersecurity researchers have uncovered a malicious extension for Microsoft’s Visual Studio Code (VS Code) that contains basic ransomware functionality. The extension, which appears to have been “vibe-coded” or created with the assistance of artificial intelligence, highlights a new frontier in software supply chain threats. A Brazenly Malicious Extension Discovered by Secure Annex researcher John Tuckner,

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

In a sophisticated evasion technique, the Russia-aligned threat actor known as Curly COMrades is now exploiting Windows’ native Hyper-V virtualization to create a hidden Linux environment. This covert space is used to host custom malware, effectively bypassing traditional Endpoint Detection and Response (EDR) security measures. A Hidden Virtual Environment for Stealthy Operations According to a

Cisco Alerts Users to New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

Cisco has issued a critical security alert, warning users of a new attack variant targeting its Secure Firewall appliances. This campaign exploits two specific vulnerabilities, CVE-2025-20333 and CVE-2025-20362, which can cause unpatched devices to crash and create a denial-of-service (DoS) condition, disrupting network operations. Exploited Vulnerabilities in Firewall Software The networking giant disclosed that it

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine

A previously unidentified threat actor, aligned with Russian interests, has been discovered impersonating the cybersecurity firm ESET in a sophisticated phishing campaign against Ukrainian targets. The attacks, detected in May 2025, involved distributing malicious software installers that deployed a stealthy backdoor known as Kalambur. Deceptive Phishing Lures and Communication Channels The group, tracked by ESET

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

Network security giant SonicWall has officially confirmed that a sophisticated state-sponsored threat actor was responsible for a September security incident. The breach resulted in the unauthorized access of firewall configuration backup files from a specific cloud environment, though the company has assured customers that its core products and firmware remain unaffected. Isolated Breach in a

Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Rising Iran–Israel Tensions

A previously unknown hacking group, codenamed “SmudgedSerpent,” has been uncovered targeting American academics and foreign policy specialists. This cyber espionage campaign, which occurred between June and August 2025, aligns with a period of significantly heightened tensions between Iran and Israel, pointing to a clear intelligence-gathering motive. Deceptive Lures and Established Playbooks The threat actor, identified

U.S. Imposes Sanctions on 10 North Korean Entities for Laundering $12.7 Million Through Crypto and IT Fraud

In a significant move to disrupt North Korea’s illicit financing activities, the U.S. Treasury Department has sanctioned a network of ten individuals and entities. This action targets those accused of laundering millions of dollars generated through cybercrime and a global IT worker fraud scheme, directly channeling funds into the regime’s prohibited weapons development programs. Targeting

Unprecedented Cybercrime Alliance: Scattered Spider, LAPSUS$, and ShinyHunters Join Forces

A new and alarming cyber alliance has surfaced, merging three of the most infamous hacker groups — Scattered Spider, LAPSUS$, and ShinyHunters. Together, they have formed a unified collective called Scattered LAPSUS$ Hunters (SLH), signaling a new phase of organized cybercrime that blends extortion, social engineering, and brand manipulation. A New Wave of Cyber Collaboration
