Mar 12, 2025Ravie LakshmananEndpoint Security / Vulnerability Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in “extremely sophisticated” attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is… Read More "Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks"
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. “The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high… Read More "Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks"
Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can… Read More "How XWorm Hides Inside Images"
Mar 11, 2025Ravie LakshmananNetwork Security / Vulnerability Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. “The botnet exploits a remote code execution (RCE) vulnerability… Read More "Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices"
Mar 11, 2025The Hacker NewsBreach Simulation / Penetration Testing In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The… Read More "Adversarial Exposure Validation Exposes Real Threats"
Mar 11, 2025Ravie LakshmananICS Security / Vulnerability Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has… Read More "Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches"
Mar 11, 2025Ravie LakshmananCyber Espionage / Maritime Security Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky… Read More "SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa"
Mar 11, 2025Ravie LakshmananEnterprise Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of… Read More "CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List"
The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive… Read More "Why The Modern Google Workspace Needs Unified Security"
Mar 10, 2025Ravie LakshmananCybersecurity / Malware Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. “The polymorphic extensions create a pixel perfect replica of the target’s icon, HTML popup, workflows… Read More "Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials"
