Security Issues, Vulnerabilities, Exploits & Government Alerts
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected…
Mar 31, 2025Ravie LakshmananData Theft / Website Security Threat actors are using the “mu-plugins” directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to…
Mar 31, 2025Ravie LakshmananThreat Intelligence / Cybersecurity Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what…
Mar 31, 2025The Hacker NewsIntrusion Detection / Vulnerability If you’re using AWS, it’s easy to assume your cloud security is handled – but that’s a dangerous misconception. AWS secures its own infrastructure, but security within…
Mar 31, 2025Ravie LakshmananThreat Intelligence / Malware Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. “The file names use Russian words…
Mar 30, 2025Ravie LakshmananVulnerability / Zero-Day The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched…
Mar 29, 2025Ravie LakshmananThreat Intelligence / Mobile Security Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that’s primarily designed to target users in Spain and Turkey. “Crocodilus enters the scene not as…
Mar 29, 2025Ravie LakshmananCybercrime / Vulnerability In what’s an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their…
Mar 28, 2025Ravie LakshmananOperational Technology / Vulnerability Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to…
Mar 28, 2025Ravie LakshmananEndpoint Security / Threat Intelligence Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that’s designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares…