Threat

Mustang Panda Employs New DLL Side Loading Technique to Deploy Malware

Security researchers have observed a renewed Mustang Panda campaign that uses a fresh DLL side-loading method to deliver malicious payloads, targeting Tibetan advocacy groups with politically themed lures. The operation first appeared in June, 2025, and combines archive-based phishing, hidden library files, dynamic API resolution, and periodic task scheduling to maintain persistence and execute stolen […]

Mustang Panda Employs New DLL Side Loading Technique to Deploy Malware Read More »

Lapsus$ Hunters Launch New Leak Site to Publish Data Stolen from Salesforce

The cybercriminal collective known as Scattered Lapsus$ Hunters has intensified their extortion efforts by launching a dedicated leak portal aimed at publishing stolen Salesforce data. This alliance, which includes prominent threat actors such as ShinyHunters, Scattered Spider, and Lapsus$, represents a new level of sophistication in ransomware-as-a-service operations, specifically targeting one of the most widely

Lapsus$ Hunters Launch New Leak Site to Publish Data Stolen from Salesforce Read More »

Hackers Abuse Legitimate Database Commands to Actively Compromise Databases

A new wave of sophisticated ransomware attacks is targeting organizations worldwide by abusing legitimate database commands, bypassing traditional security tools through “malware-free” operations. Unlike typical ransomware that relies on malicious binaries to encrypt files, attackers are exploiting exposed database services, using standard database functionality to steal, erase, and demand ransom for critical information. This technique

Hackers Abuse Legitimate Database Commands to Actively Compromise Databases Read More »

Crimson Collective Uses AWS Services to Exfiltrate Sensitive Data

A newly surfaced threat actor, calling itself Crimson Collective, has been observed targeting Amazon Web Services, AWS, environments to steal valuable data and pressure organizations with extortion. Recent claims by the group allege they breached Red Hat, taking private repositories from Red Hat’s GitLab instance. This activity signals a worrying shift toward cloud-centric attacks, and

Crimson Collective Uses AWS Services to Exfiltrate Sensitive Data Read More »

FreePBX SQL Injection Flaw Exploited to Alter Database Records

A critical, unauthenticated SQL injection vulnerability in FreePBX is being actively exploited, posing a severe risk to VoIP infrastructures worldwide. Attackers are abusing a web endpoint to inject database entries, create scheduled tasks, and ultimately run arbitrary code on compromised systems. What is affected, and why it matters FreePBX, the web-based administrative interface commonly used

FreePBX SQL Injection Flaw Exploited to Alter Database Records Read More »

Hackers Abuse CSS Properties, Use Hidden-Text Salting to Inject Malicious Code

A rising email evasion technique, called hidden-text salting, is becoming a serious problem for email security, enabling attackers to hide large amounts of irrelevant or misleading content inside otherwise malicious messages. By abusing CSS properties and HTML structure, adversaries keep this content invisible to human recipients while confusing automated detection engines, including signature-based systems and

Hackers Abuse CSS Properties, Use Hidden-Text Salting to Inject Malicious Code Read More »

IRGC-Linked APT35’s Structure, Toolset, and Espionage Operations Revealed

Since surfacing in the mid-2010s as a persistent threat actor, the IRGC-linked APT35 collective has continually adapted its methods to target government agencies, energy companies, and diplomatic missions across the Middle East and beyond. What began as credential-harvesting phishing campaigns has matured into a modular, multi-stage toolkit that supports deep network infiltration and prolonged espionage.

IRGC-Linked APT35’s Structure, Toolset, and Espionage Operations Revealed Read More »

GitLab Releases Security Update to Patch Multiple Vulnerabilities Enabling DoS Attacks

GitLab has rolled out critical security updates for both its Community Edition (CE) and Enterprise Edition (EE), introducing versions 18.4.2, 18.3.4, and 18.2.8. These updates address several vulnerabilities that could be exploited to perform denial-of-service (DoS) attacks or gain unauthorized access to GitLab systems. GitLab strongly recommends all self-managed installations upgrade immediately to avoid potential service interruptions. Meanwhile,

GitLab Releases Security Update to Patch Multiple Vulnerabilities Enabling DoS Attacks Read More »

Shuyal Stealer Targets 19 Browsers to Harvest Login Credentials

Shuyal Stealer has quickly become one of the most flexible credential theft tools observed in recent months. First seen in early August, its modular design enables it to target a wide variety of web browsers, including Chromium-based, Gecko-based, and legacy engines, making it a high-risk threat for many environments. Early signs and impact Initial indicators

Shuyal Stealer Targets 19 Browsers to Harvest Login Credentials Read More »

Microsoft Events Vulnerability Exposes User Data from Registration and Waitlist Databases

A major security vulnerability was discovered in the Microsoft Events platform, which could have allowed unauthorized access to personal information stored in two separate databases — the event registration list and the waitlist database. Discovery of the Flaw The issue was identified by a 15-year-old bug bounty researcher, known as Faav, who uncovered that the flaw exposed

Microsoft Events Vulnerability Exposes User Data from Registration and Waitlist Databases Read More »