Threat

Five Malicious Rust Crates and AI Bot Abuse CI/CD Pipelines to Steal Developer Secrets

Security researchers have uncovered a group of malicious packages written in the Rust programming language that were uploaded to the official Rust package registry crates.io. These packages were disguised as utilities designed to manage or synchronize system time but were actually created to steal sensitive developer data. The five malicious crates identified are: According to researchers from Socket, the […]

Attackers Exploit FortiGate Devices to Breach Networks and Steal Service Account Credentials

Cybersecurity researchers have uncovered a campaign in which threat actors are exploiting vulnerabilities in FortiGate Next‑Generation Firewall devices to gain unauthorized access to corporate networks and steal sensitive credentials. According to a report from SentinelOne, attackers are targeting firewall appliances by exploiting recently disclosed security flaws or by using weak authentication credentials. Once inside the system,

Threat Actors Conduct Mass Scanning of Salesforce Experience Cloud Using Modified AuraInspector Tool

Cybersecurity teams at Salesforce have reported a surge in malicious activity targeting publicly accessible Experience Cloud environments. According to the company, attackers are conducting large-scale scans of these sites using a modified version of an open-source security tool known as AuraInspector. The campaign primarily focuses on identifying misconfigured guest user permissions, which can expose sensitive data stored within Salesforce

CISA Warns of Actively Exploited Vulnerabilities in SolarWinds, Ivanti, and Workspace One

The Cybersecurity and Infrastructure Security Agency (CISA) has added three newly identified security vulnerabilities affecting SolarWinds, Ivanti, and Omnissa products to its Known Exploited Vulnerabilities (KEV) catalog after confirming that attackers are actively exploiting them. CISA maintains the KEV catalog to highlight vulnerabilities that are currently being used in real-world cyberattacks, allowing organizations to prioritize patching

Chrome Extension Becomes Malicious After Ownership Transfer, Allowing Code Injection and Data Theft

Cybersecurity researchers have uncovered a troubling case where two Google Chrome extensions became malicious after their ownership changed. The situation highlights a growing security threat in the browser extension ecosystem, where trusted tools can be converted into malware distribution channels. The affected extensions were originally associated with a developer using the email akshayanuonline@gmail.com, linked to the

Attackers Use Web Server Exploits and Mimikatz to Target Asian Critical Infrastructure

High-profile organizations across South Asia, Southeast Asia, and East Asia are being targeted in an ongoing cyber campaign believed to be conducted by a Chinese-linked threat group. The attacks have been running for several years and primarily focus on organizations that play a critical role in national infrastructure. Security researchers from Palo Alto Networks

Multi-Stage VOID#GEIST Malware Deploys XWorm, AsyncRAT, and XenoRAT

Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign, codenamed VOID#GEIST, which leverages batch scripts to deliver encrypted remote access trojans (RATs) including XWorm, AsyncRAT, and Xeno RAT. The research was published by Securonix Threat Research. At a technical level, the attack uses an obfuscated batch script to deploy a secondary batch, stage a legitimate embedded

Cisco Confirms Two Catalyst SD-WAN Manager Vulnerabilities Are Being Actively Exploited

Cisco has confirmed that two security vulnerabilities affecting Cisco Catalyst SD-WAN Manager (previously known as SD-WAN vManage) are currently being exploited in real-world attacks. The vulnerabilities identified by Cisco are CVE-2026-20122 and CVE-2026-20128, both of which impact organizations using the SD-WAN management platform. Details of the Exploited Vulnerabilities The first issue, CVE-2026-20122, carries a CVSS score of 7.1 and allows an

Europol-Led Operation Dismantles Tycoon 2FA Phishing-as-a-Service Tied to 64,000 Attacks

A major international cybersecurity operation has successfully dismantled Tycoon 2FA, a large phishing-as-a-service platform that enabled cybercriminals to launch advanced phishing attacks targeting organizations worldwide. The takedown was coordinated by the European law enforcement agency Europol along with multiple cybersecurity firms and global investigators. Authorities confirmed that the platform was responsible for tens of thousands of phishing incidents

149 Hacktivist DDoS Attacks Strike 110 Organizations Across 16 Countries Following Middle East Conflict

A sharp escalation in hacktivist cyber activity has followed the coordinated U.S. and Israeli military campaign against Iran, known as Epic Fury and Roaring Lion. Cybersecurity analysts warn that the digital battlefield is rapidly expanding alongside physical hostilities, with distributed denial-of-service (DDoS) campaigns dominating the threat landscape. According to a new assessment from Radware, two hacktivist collectives,
