Threat

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two newly discovered vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations about the growing risk of active exploitation. These flaws impact TP-Link TL-WA855RE Wi-Fi Range Extenders and the […]

Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices

Cybersecurity researchers have identified a Ukraine-based IP network, FDN3 (AS211736), as the source of massive brute-force and password spraying attacks against SSL VPN and RDP systems. These activities took place between June and July 2025 and have raised concerns about the growing abuse of bulletproof hosting infrastructure to launch large-scale cyberattacks. The Origin of Attacks

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

Cybersecurity experts have observed a notable shift in Android malware campaigns, where dropper apps—traditionally used to deliver banking trojans—are now distributing simpler malicious software such as SMS stealers and lightweight spyware. According to a report by ThreatFabric last week, these campaigns often impersonate government or banking apps in India and other Asian countries. The Dutch

Hackers Exploit Windows Defender Application Control Policies to Disable EDR Agents

Cyber attackers are abusing Windows Defender Application Control (WDAC) policies to shut down Endpoint Detection and Response (EDR) agents, leaving organizations with serious visibility gaps in their defenses. What started as a proof-of-concept has now evolved into a real-world threat adopted by advanced groups, including ransomware operators such as Black Basta. Key Insights According to

Attackers Abuse Velociraptor Tool to Deploy VS Code for C2 Tunneling

Cybersecurity experts have uncovered a recent attack where unknown adversaries misused Velociraptor, an open-source digital forensic and endpoint monitoring tool, to further their malicious activities. This case highlights the ongoing abuse of legitimate software by threat actors to avoid detection. According to a report by the Sophos Counter Threat Unit Research Team, the attackers utilized

CISA Guide to Hunt and Defend Against Chinese Hackers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the NSA, FBI, and several international partners, has released a major cybersecurity advisory exposing a global espionage campaign conducted by state-sponsored hackers from the People’s Republic of China (PRC). These operations are targeting critical infrastructure networks around the world. The 37-page document, “Countering Chinese

ClickTok Campaign Uses 10,000+ Malicious Domains to Target TikTok Shop Users

A new large-scale cybercrime operation known as ClickTok has surfaced, aiming at TikTok Shop users through a complex mix of phishing and malware distribution. Security researchers have discovered over 10,000 malicious domains involved in stealing login credentials and deploying spyware. The campaign marks a significant rise in e-commerce cyberattacks, leveraging the popularity of TikTok’s in-app
