20740 matches found
Researchers Uncover 46 Critical Flaws in Solar Power Systems From Sungrow, Growatt, and SMA
Cybersecurity researchers have disclosed 46 new security flaws in products from three solar power system vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities ha...
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. "The...
Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require...
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected...
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate...
Mozilla Patches Critical Firefox Bug Similar to Chrome's Recent Zero-Day Vulnerability
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an...
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records
Cybersecurity researchers have shed light on a new phishing-as-a-service PhaaS platform that leverages the Domain Name System DNS mail exchange MX records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishi...
Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response EDR software on compromised hosts, according to ESET...
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
An advanced persistent threat APT group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has...
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for...
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim's system. Here are the top three Microsoft...
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. "The threat actor has slightly revamped their interface but is still relying on an iframe...
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform XP to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that's used to manage data protection across applications, databases, virtual machines, and file systems, offering the...
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew...
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc...
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware stra...
Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks
Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are...
Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience
"A boxer derives the greatest advantage from his sparring partner…" — Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn't...
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783 , has been described as a case of "incorrect handl...
How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More
When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity...
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen...
New Security Flaws Found in VMware Tools and CrushFTP — High Risk, PoC Released
Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System CVSS. "VMware Tools for Windows...
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
A new investigation has unearthed nearly 200 unique command-and-control C2 domains associated with a malware called Raspberry Robin. "Raspberry Robin also known as Roshtyak or Storm-0856 is a complex and evolving threat actor that provides initial access broker IAB services to numerous criminal...
Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant ,...
AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface
Organizations now use an average of 112 SaaS applications —a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microso...
Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI .NET MAUI framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps...
INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust
Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle cross-border...
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities...
Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks
Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence GenAI...
VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
A ransomware-as-a-service RaaS operation called VanHelsing has already claimed three victims since it launched on March 7, 2025, demanding ransoms as high as $500,000. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit...
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn't the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—whil...
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code VSCode Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace...
How to Balance Password Security Against User Experience
If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don't prioritize strong password security. However, balancing security and usability doesn't have to be a zero-sum game. By implementing the right best practices and tools, you can...
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927 , carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header...
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their...
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration's review of the novel legal and poli...
UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and...
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
The threat actors behind the Medusa ransomware-as-a-service RaaS operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver BYOVD attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware...
10 Critical Network Pentest Findings IT Teams Overlook
After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit. Organizations often assume that firewalls, endpoint protection, and SIEMs are...
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
The China-linked advanced persistent threat APT group known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations. These entities include governments, Catholic charities, non-governmental organizations NGOs, and think tanks across...
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. "Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control C2 servers...
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below - CVE-2024-20439 CVSS score: 9.8 - The presence of an undocumented static us...
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and...
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120 , carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12...
How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model
Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through...
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab. Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance...
Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses SMBs are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain...
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 CVSS...
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
The Computer Emergency Response Team of Ukraine CERT-UA is warning of a new campaign that targets the defense sectors with Dark Crystal RAT aka DCRat. The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual...